Spectre and Meltdown are unlikely to exploit the operating system through PostgreSQL. However, the hardware patch can slow down performance. 

meltdown-spectre-kernel-vulnerability.png

The Meltdown and Spectre bugs are hardware vulnerabilities that affect Intel x86 microprocessors and some ARM-based microprocessors. The bugs exploit a race condition between memory access and privilege checks to allow a rogue process to read all memory regardless of its authorisation.

They are not specifically a problem for FUJITSU Enterprise Postgres or PostgreSQL because FUJITSU Enterprise Postgres is fully compatible with PostgreSQL and does not differ from PostgreSQL in allowing operating system access. However, they are a problem for any vulnerable processors running an operating system that has not been patched for these bugs.

Therefore operating system patches have been released to deal with the bugs.

Implementing these operating system patches to protect against the bugs in the microprocessor design will result in a level of performance degradation in PostgreSQL, and FUJITSU Enterprise Postgres. These patches introduce a performance overhead that has been quoted as being between 5% and 30% however benchmarks seem to suggest around 7% but could be as high as 14% on a busy server.

No security patches are planned by the PostgreSQL community.

As stated above, the Spectre and Meltdown bugs exploit access to the operating system, which is not possible through PostgreSQL unless the user has super user access and utilises untrusted PL languages.


Call our experts on +612 9452 9191 if you would like to assess your database support arrangements or review our 24/7 PostgreSQL Support Plans.

Topics: PostgreSQL, PostgreSQL 10, Spectre and Meltdown Bugs