Re: danger of stats_temp_directory = /dev/shm
| От | Robert Haas |
|---|---|
| Тема | Re: danger of stats_temp_directory = /dev/shm |
| Дата | |
| Msg-id | CA+TgmoYnNi6UCt_73swjQQDe-ktkhP9oQTz4f+2b7NKxgzdNXw@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: danger of stats_temp_directory = /dev/shm (Tom Lane <tgl@sss.pgh.pa.us>) |
| Список | pgsql-hackers |
On Thu, Apr 25, 2013 at 12:09 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote: > Alvaro Herrera <alvherre@2ndquadrant.com> writes: >> Jeff Janes escribió: >>> With the stats file split patch 187492b6c2e8cafc5 introduced in 9.3dev, now >>> after a crash the postmaster will try to delete all files in the directory >>> stats_temp_directory. When that is just a subdirectory of PGDATA, this is >>> fine. But it seems rather hostile when it is set to a shared directory, >>> like the popular /dev/shm. > >>> Does this need to be fixed, or at least documented? > >> I think we need it fixed so that it only deletes the files matching a >> well-known pattern. > > I think we need it fixed to reject any stats_temp_directory that is not > postgres-owned with restrictive permissions. The problem here is not > with what it deletes, it's with the insanely insecure configuration. Only deleting files matching the relevant pattern might not be a bad idea either, though. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company
В списке pgsql-hackers по дате отправления: