Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1sZGA4-00HNha-AG for pgsql-hackers@arkaria.postgresql.org; Wed, 31 Jul 2024 20:43:04 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1sZGA2-00DW7o-PD for pgsql-hackers@arkaria.postgresql.org; Wed, 31 Jul 2024 20:43:02 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1sZGA2-00DW7f-4T for pgsql-hackers@lists.postgresql.org; Wed, 31 Jul 2024 20:43:02 +0000 Received: from mail-yw1-x112f.google.com ([2607:f8b0:4864:20::112f]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1sZG9v-002UjD-44 for pgsql-hackers@lists.postgresql.org; Wed, 31 Jul 2024 20:43:01 +0000 Received: by mail-yw1-x112f.google.com with SMTP id 00721157ae682-6659e81bc68so53725027b3.0 for ; Wed, 31 Jul 2024 13:42:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joeconway.com; s=google; t=1722458573; x=1723063373; darn=lists.postgresql.org; h=content-transfer-encoding:in-reply-to:autocrypt:from :content-language:references:cc:to:subject:user-agent:mime-version :date:message-id:from:to:cc:subject:date:message-id:reply-to; bh=J9udFW9FKQb1cgwHbIOou8tYm/fyPDhljQs6+ODcAfU=; b=dc3C+fVa9rBRvZNC2TXhapKz4ue/UKRdb+FqiSSPTo1pHgJrYw3KCiPAYuz5IB1824 xT6OodmJ+ENv8R9XtDq5j7LOCtjY4zo7BBLm5sNnisBGcxB8LWLTA8xNZ8wmbp09JDq5 lDCao+VFYGPohuOLRvppnmDE3jSSdTTD3pY7Wxqt51QRQSUuaS1eLXhR0xIzYHS7tpyp f2AGkTcbxvzKq27fC1HYeKXI1U9OUJ0ZKA/tQGrL0gANRWNFSwm574W5GeXIGiSOGa/P gK4vLEBAm9+c94/pjCrkfrQTSWKDGGKFia/GufB399GDSatd6dCTeFhM9O03aZM1bEdS 9mgQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722458573; x=1723063373; h=content-transfer-encoding:in-reply-to:autocrypt:from :content-language:references:cc:to:subject:user-agent:mime-version :date:message-id:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=J9udFW9FKQb1cgwHbIOou8tYm/fyPDhljQs6+ODcAfU=; b=nB4VstXclzCX1pMsWQP8M9mJhiXUQfu14RiQbQB/x0AHJmEW76/+4TfO2pSZ4C2p98 ivuwxo2Gv6N86Eb+90FV2UZr7UBb2jB1Prcrip7k38ymLddMtlbEeyufk/vU8idF78v7 WaBBD9ue//ZoGa6CRhUd5cg9EZrpd+h5IGkys56kL+W6m2dg0aGQednJ5JV9yrE4x5Nh qjF4lRBfV2pwljeGo3fgmchWGUhZtoKCFq8DiyJ7pEiHHJSEDG9O6nJAFyKVGYRmU0O5 3P8Dv+ZlUGXaV6POsau6chhCT1oONSa6VldE3MjcXp6NsuZ4crYgZVbWN6oEvFyPgei2 9/rg== X-Forwarded-Encrypted: i=1; AJvYcCUHE4VIPxe9cw+A5VrDecHn6/TxFzNp1pB/YG5+k1lVZn4LgPXCs/NCxyIolYE6+QChEhIht9me4fY7xXrrEZhmdlpeFHIBLRCUWJBj2HlFExmU X-Gm-Message-State: AOJu0Yw0yJMtFDvXyXbjGS9yDoXSb2f5yip+rwkef1qPLx9nakhJTp5l 1OccVx7AIywjR/H37CSy9C5m/Yw/zDv/yON2LSnlvMNDU/yp46YmK2DA+iYbzi8= X-Google-Smtp-Source: AGHT+IFxDGABJU2YstYOzkNHQqteyoCiJkXsCYBvGs12ZuUgRKukIHuykYdCJn5GwU4XeOpJQV3fuQ== X-Received: by 2002:a81:bb45:0:b0:650:9c5e:f6e2 with SMTP id 00721157ae682-6875019489emr3259157b3.34.1722458572719; Wed, 31 Jul 2024 13:42:52 -0700 (PDT) Received: from [192.168.4.41] (162-239-31-113.lightspeed.dybhfl.sbcglobal.net. [162.239.31.113]) by smtp.gmail.com with ESMTPSA id 00721157ae682-6756b024d87sm30978027b3.87.2024.07.31.13.42.52 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 31 Jul 2024 13:42:52 -0700 (PDT) Message-ID: Date: Wed, 31 Jul 2024 16:42:51 -0400 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: can we mark upper/lower/textlike functions leakproof? To: Robert Haas Cc: Tom Lane , Andrew Dunstan , David Rowley , PostgreSQL Hackers References: <50d3a76e-afaa-44ed-aef5-6fb7f23cccab@dunslane.net> <5bef8bb0-7a50-4bcf-b052-2a12c3cda0f5@joeconway.com> <3416373.1722449026@sss.pgh.pa.us> <70b9e758-1050-4365-9d67-cc826faaf6a9@joeconway.com> Content-Language: en-US From: Joe Conway Autocrypt: addr=mail@joeconway.com; keydata= xsFNBEpXMCsBEADDnXUQzjlyi/cX02Gtdy2CLcroE5CsC7DJKdOBDbfgn0kfiIYoV5JniG4l VyzZUodY8yUAagqLYolh0UkBzs9N+qkm7erde4ypw3jzVQ37BuzIvk3nMUbuDZDgxWqX+nVS sKc+BQ5BpzgCHg48leoRO2ohjvYnUhgH3j2rFZCzaj6qQ7mv+XoxOJmUlVQtG06Jwkk7Vu14 7U9nMMM6hyUKzVnmCphnlcMNo26UyVU70MwFfFJgcI0c5fpp8byN56eD6VJVnufO5WAuEhzE qcrSJR2FAlmM90GBY+6vP29twLDCHuSFvrnujNCx/BvCC/a3/gPvyAFp4JtMm9eXAmq3m/Kw 94nTJXVdcbQeQQDp3KIG7MmWS4lnGvPn8v0CjgNaLvZXFLo1FgmUVsyEq1Lww4iRLa6sbpXJ ESx15UEue1k1YZM9C+4F/o3aeKNsAienjw2EXFzcaxIg/C4P493VMi3Qa8ycVxR5iYhUbYdo DFIUQhbFNsYfrtW/qZAELT3FCYFpZYG01e9Hj+cBrXXgyDDkQ5Lq4mlvmkRvuxn61V6Au4HA 0sJiCox5pM1FvzT+aI8HY1BYaiB9Pl4fhpKgmhhlSuglk9v39S4jmlUIb45iLAUVpeNM6Qjm 69pf5da9sm4aGFa7YlDSKf/WcU7z9ITZxsilOi2n7YJiwG7kTQARAQABzSRKb3NlcGggRSBD b253YXkgPG1haWxAam9lY29ud2F5LmNvbT7CwXoEEwEIACQCGwMCHgECF4AFCwkIBwMFFQoJ CAsFFgIDAQAFAlWTVvUCGQEACgkQMyt+aLaZQ0oPCQ/9HyRewMyvAIJRmoXoLAr8AoFLId6R qBJnNX0Lll0RLZui65aQ0+exwX7aH7TxWR16B2gWX3OmLfGT8XITOoG+zt9zsEpLvNkHchkF T/jyAcbuRj5WX9hamZgMbjXAJeCdlhW+fRA9Upb0w4dgBjqK5OgsqMikASL7t2vogHl9H08j vSoQLW+8wTnSBXBeBTBwB7xLIin5WVivzFHUCrnD2UsjeBIW3fmGdpTAjSxRzG+UPYVwXQ8F FLt7DpEytvLWapmZWMRdj0WZ/Q3SOO/Ed0yFqbzuwKaWcFrQBNeS2Sig+FefBNS98f9Hx7ku H3DW34qX/zSSdDh0jLs7X3PkIgF6BZR2TxaCwHPP9ERDiDaUInC9U7We1iZE1DjW8rLMEVJB hY0ClrrF67pnUKTbcU+uajpPn+2Jl74T0Set/XxpHZ4cezcJuqg31R8vHZgd5cf1WKP0D0pc qiuS02BBFkNCs1jQ+raTWcDuE6F1mUO2nvjUBN9r4y5DUbCNSqLKeAe/aA6JaSDkBpoXKdNS +c4rbzbktWkfUW8EhVlCGzNpy4ezEoVsqV2Ex7fNoxsE2vnSylLT9hycAmYf8ryMvniRZqnD T4JgLenIcQlkhB896T7wApOXfD8OJj1/XFxAfPi6vdlsr81uoxuB4euLp8IyduwLORRUogO9 zmAXG5jOwU0ESlcyJwEQAOkTBb9yDhJbMUgvhM11rZwT5tm4Y9TqtEHn0Zy3t9g7bdFFpMva v/KENd3oAtLFpMDf+H3AggFk4ftUwJwiVgJ88ilvCynJUGXiuYIaexY4DLgn4xpnuiEpYEFV dWnlw7dWVTc62exfqIz9bSWRzwfBCY9ruYGEb4RDPDSNSAVyI7sxHzef2asiYxIcxrTrw5Vu gWNlPZcV5/EJ6PUvATjBF2TBkXV7KOciQng2tsQGrGMkY5mduNqwpuh6zfPcVF8LeObe96wv 5ZhPRpO79nef7hnK2lJogp3JIo558Jlbz9WHtQEMZR85+bUhtI825QyNAFz3Jrn7NMgvDikc 2OrWo7YMgMC5hDSWVFqA6/EQCNnDWGABWgeYHZFpnPwsvUWIYdhSilUuj/Tuzvz9ZmucFNbQ bauDQw6VQ38ofGnoYDZFJsGncprB8dBi4tDrIQ+1RlIh6C2Z/eMipqJOT26+spluTjouvnKT 0S5yOgyX0PjbsysgwQdCGNJLHOjhHbSpSmOLaduV3CQo/0+DHT/TBjYfIXjTWouY9TkGxG4e NrxU0u2xAy5bMqOPmsFdjLTWlQUlF/fTMhB54XwI3FHWgnSnXZzStDTmTebLNdT/ftgliAzA 81uMj49j0exv731/v+7udLA1bV8gnZ01zQCASDpWiRQR3fgwcugSUqgRABEBAAHCwV8EGAEI AAkFAkpXMicCGwwACgkQMyt+aLaZQ0pwAQ//bjcWnZg/jjRQ9gbZUGMqniItZYRglBMKIqt4 Fia379JmHwTvavnFkJ8XMZ56UB0FIrgS+sUkRH6cPRQR+7Qi392LD021DXgSsz9CwFHjFyBG HwLEOTRcfYQbtJy0shHDJB4aQTOX3ERDH1PsvJNuevmQMzS0DWFav9+xMz9rKP4N+HffoBIZ E0C1xIE43nD4eLsbycte9sVIrmlNuUti3qUxJAQw8HwfJ6ZbBInHxquApR16uD1u99o6Xlnd FrDlY22tRmHCM0bR81GfGNdcU3Uo+rG/R/k4qa7s9/dgKvMbyH3fHhp/ceKag80Xo8IFurRl 0ZJP3sHJ2QDHCVLat7jRZ+43hi1WlIhFbrgn6IyI0i7XR/W8JjrC5MsKq4TUwGH077sU/kcH YebVJZRbUUst2hAGHDFVBcG12qoKf+ltL9qXJc1y7BGeCoUW6QjOpljpq6ZL4FQUsM0RSRjs 5egE3szPcIf5SyPK6WDOApoAq6M7BBFMGDZwEylYMtr0YekA1u86UA9D2xwLHEbBBp/uiby1 c9JbPJ1Pn8zJP8WZNeRw4Q9TtqVK09+oLirMUSpIDd6KdZ1VgRxOK2re7tjDvkVuYsSrsiJ+ 1iJNEnp9iK0ok0DlJpSCe6KhkxpaTdeoWMXdKuJWec0NIqoAd54ZgBPnr+UPxTixgPq/p6Q= In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On 7/31/24 16:10, Robert Haas wrote: > On Wed, Jul 31, 2024 at 2:43 PM Joe Conway wrote: >> I still maintain that there is a whole host of users that would accept >> the risk of side channel attacks via existence of an error or not, if >> they could only be sure nothing sensitive leaks directly into the logs >> or to the clients. We should give them that choice. > > I'm not sure what design you have in mind. A lot of possible designs > seem to end up like this: > > 1. You can't directly select the invisible value. > > 2. But you can write a plpgsql procedure that tries a bunch of things > in a loop and catches errors and uses which things error and which > things don't to figure out and return the invisible value. > > And I would argue that's not really that useful. Especially if that > plpgsql procedure can extract the hidden values in like 1ms/row. You are assuming that everyone allows direct logins with the ability to create procedures. Plenty don't. -- Joe Conway PostgreSQL Contributors Team RDS Open Source Databases Amazon Web Services: https://aws.amazon.com