Re: Practical Timing Side Channel Attacks on Memory Compression
From | Tom Lane |
---|---|
Subject | Re: Practical Timing Side Channel Attacks on Memory Compression |
Date | |
Msg-id | 3037537.1649254441@sss.pgh.pa.us |
In response to | Re: Practical Timing Side Channel Attacks on Memory Compression (Robert Haas <robertmhaas@gmail.com>) |
Responses | Re: Practical Timing Side Channel Attacks on Memory Compression |
List | pgsql-hackers |
Robert Haas <robertmhaas@gmail.com> writes:

> One last thought: I don't think it's right to suppose that every
> security vulnerability is the result of some design flaw and every
> security vulnerability must be patched.

As far as Postgres is concerned, I'm kind of unimpressed by timing-based attacks. There are enough layers between a hypothetical attacker and a particular algorithm in the backend that it'd be really hard to get any reliable numbers.

Length-based attacks are more realistic, since e.g. we allow you to find out the compressed size of a data value. But as you noted, those can be defeated by not storing sensitive data in the same place as attacker-controlled data. Or turning off compression, but that's largely throwing the baby out with the bathwater.

In the end I think it's up to the DBA how concerned to be about this and what measures she should take to mitigate any risks.

regards, tom lane
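The storage-layout point in the message above, as an added example that is not part of the original post or of PostgreSQL: it measures whether the compressed size a user can observe varies with a secret, first when both share one compressed datum and then when they are stored separately. Assumptions: zlib stands in for the backend's compressor, and the secrets, the user value and all function names are constructed for illustration.

```python
import zlib

# Constructed sample values; none of them come from the thread.
SECRETS = [b"token=alpha-7731-kilo", b"token=bravo-4402-lima"]
USER_VALUE = b"note: token=alpha-7731-kilo"


def stored_size(datum: bytes) -> int:
    """Compressed length of one stored datum (zlib is a stand-in compressor)."""
    return len(zlib.compress(datum, 9))


def observable_size(secret: bytes, user_value: bytes, colocated: bool) -> int:
    """Size a user can learn for the datum that holds their own value."""
    if colocated:
        # Secret and user-supplied bytes are compressed together.
        return stored_size(secret + user_value)
    # Secret is stored elsewhere; this datum holds only the user's bytes.
    return stored_size(user_value)


def size_spread(secrets, user_value: bytes, colocated: bool) -> int:
    """Max minus min observable size across candidate secrets.

    Zero means the observable size is independent of the secret.
    """
    sizes = [observable_size(s, user_value, colocated) for s in secrets]
    return max(sizes) - min(sizes)


if __name__ == "__main__":
    for colocated in (True, False):
        layout = "same datum" if colocated else "separate datum"
        spread = size_spread(SECRETS, USER_VALUE, colocated)
        print(f"{layout}: size spread across secrets = {spread} bytes")
```

A non-zero spread for a layout means the compressed size carries information about the secret; the separate layout reports zero because the secret never enters the datum whose size is visible.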