Search Postgresql Archives

Re: postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

-----Original Message-----
From: Adrian Klaver [mailto:adrian.klaver@xxxxxxxxxxx] 
Sent: Wednesday, November 18, 2015 3:47 PM
To: Day, David; pgsql-general@xxxxxxxxxxxxxx
Subject: Re:  postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data.

On 11/18/2015 11:45 AM, Day, David wrote:
> Hi,
>
> One of my co-workers came out of a NIST cyber-security type meeting 
> today and asked me to delve into postgres and zeroization.
>
> I am casually aware of mvcc issues and vacuuming
>
> I believe the   concern,  based on my current understanding  of postgres
> inner workings,  is  that when a dead tuple is reclaimed by vacuuming:
>   Is that reclaimed space initialized in some fashion that would  
> shred any sensitive data that was formerly there to any  inspection by  
> the subsequent owner of  that disk page ? ( zeroization )

Got to thinking, are you talking about a physical machine or a VM/container on shared hosting? If the latter then it is a more generic problem of detritus left behind between creations of virtual instances or cross talk on shared storage.

>
> Not sure that is the exact question to ask but hopefully you get a 
> feel for the requirement is  not to  leave any sensitive data laying 
> about for
>
> recovery by a hacker,  or at least minimize the places it could be 
> obtained without actually being able to log into postgres or having 
> raw disk access privileges.
>
> Thanks for any comments/instruction/links on the matter.
>
> Regards
>
> Dave Day
>


--
Adrian Klaver
adrian.klaver@xxxxxxxxxxx

In some instances this would be a vm instance on a hosted machine in other cases a actual physical machine.

Thank you all for the feedback.


All good points.  I am not sure what the manner of attack/hack is until I get some further feedback out of the meeting participants.  I suspect it would be to the blocks pages released by postgres following a vacuum full.
How you determine what those pages blocks were I am not sure but suspect there is probably a way.
When I get some more detail on the standard and exact requirement I will repost with that info.


Again thanks



Dave Day






-- 
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux