From: | Amit Kapila <amit(dot)kapila(at)huawei(dot)com> |
---|---|
To: | "'Alvaro Herrera'" <alvherre(at)commandprompt(dot)com>, "'Tom Lane'" <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | "'Edmund Horner'" <ejrh00(at)gmail(dot)com>, "'Pg Bugs'" <pgsql-bugs(at)postgresql(dot)org>, "'Bruce Momjian'" <bruce(at)momjian(dot)us> |
Subject: | Re: 9.2 beta2 - pg_ctl crashes on Win32 when neither PGDATA nor -D specified |
Date: | 2012-06-14 05:24:18 |
Message-ID: | 003a01cd49ed$f32ea690$d98bf3b0$@kapila@huawei.com |
Lists: | pgsql-bugs |
Please find attached with this mail the patch based on the idea I have suggested.
Let me know your comments regarding the same.
-----Original Message-----
From: pgsql-bugs-owner(at)postgresql(dot)org [mailto:pgsql-bugs-owner(at)postgresql(dot)org] On Behalf Of Alvaro Herrera
Sent: Wednesday, June 13, 2012 9:23 PM
To: Amit Kapila
Cc: 'Edmund Horner'; Tom Lane; Pg Bugs; Bruce Momjian
Subject: Re: [BUGS] 9.2 beta2 - pg_ctl crashes on Win32 when neither PGDATA nor -D specified
Excerpts from Amit Kapila's message of mié jun 13 00:53:47 -0400 2012:
> > Unfortunately in src/backend/main/main.c it only does a cursory check
> > for --help and --version. So it would need to become a little more
> > complicated to scan for -C options at that stage. It's not too much
> > if you can assume -C always appears first like the other special
> > options detected in that file.
>
> I am doubtful whether we should make such an exception for the -C option, as
> this will be a change in behavior as compared to previous versions.
> How to do it in code is the next step.
> According to me the solution I have proposed is safer and initdb already
> handles it in the same way.
>
> I am waiting for other people's opinions on this issue.
I agree with you. The fact that we drop privileges is not only a
security measure; it's a robustness one as well. With the current
setup, we can confidently say "it's not Postgres' fault" when the system
crashes with some weird kernel error. A process running with
administrative privs is capable of doing privileged stuff that may
override safe interfaces provided by the operating system; a process
without admin privs is more constrained and should not be able to cause
the system to crash. Any kernel crash, then, is not our responsibility.
If we allow -C to run with admin privs, we lose that.
--
Álvaro Herrera <alvherre(at)commandprompt(dot)com>
The PostgreSQL Company - Command Prompt, Inc.
PostgreSQL Replication, Consulting, Custom Development, 24x7 support
Attachment | Content-Type | Size |
---|---|---|
pgctldefectfix.patch | application/octet-stream | 1.6 KB |