On Fri, Jul 31, 2020 at 4:25 AM torikoshia <torikos...@oss.nttdata.com> wrote: > And as Fujii-san told me in person, exposing memory address seems > not preferable considering there are security techniques like > address space layout randomization.
Yeah, exactly. ASLR wouldn't do anything to improve security if there were no other security bugs, but there are, and some of those bugs are harder to exploit if you don't know the precise memory addresses of certain data structures. Similarly, exposing the addresses of our internal data structures is harmless if we have no other security bugs, but if we do, it might make those bugs easier to exploit. I don't think this information is useful enough to justify taking that risk. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company
