On Wed, Dec 23, 2015 at 07:07:31AM -0600, oleg yusim wrote: > May we run into situation, when attacker dumps memory and analyses it > for valuable content, instead of reserving it for own process, where > it would be zeroed? My understanding, it is a possibility. Does kernel > have any safeguard against it? Sure it might be possible, but they would not have much useful information about which old processes the pages belonged to, and besides, they could most likely simply dump memory of a connected client in this case, or indeed just examine the filesystem or cache to get at the raw PG database files. Once someone has this level of access to the system it's not really useful to model threats much further. One minor correction from my first mail: MAP_UNINITIALIZED is indeed accessible to non-root, but as George mentions only when a non-default kernel parameter has been enabled. David -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
