Re: Comments to Synchronous replication patch v3

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: "Fujii Masao" <masao(dot)fujii(at)gmail(dot)com>
Cc: "ITAGAKI Takahiro" <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Comments to Synchronous replication patch v3
Date: 2008-11-28 16:10:27
Message-ID: 26328.1227888627@sss.pgh.pa.us
Lists: pgsql-hackers
"Fujii Masao" <masao(dot)fujii(at)gmail(dot)com> writes:
>>> You export replication_timeout as a PGC_USERSET variable, but it is
>>> dangerous. It allows non-superusers to kill servers easily by setting it
>>> to too low a value. Walsender dies with FATAL on timeout.

> Unlike other background processes, FATAL by walsender doesn't kill the
> whole server. In FATAL case, walsender is treated like the normal backend,
> and only walsender dies. Please see reaper() in postmaster.c.

> Just to be safe, I re-export the parameter as PGC_SUSET in the latest
> patch. Is this parameter still dangerous?

If this parameter is only used by a background process, then both of
those are wrong.  It should be marked SIGHUP to reflect the fact that
the only effective way of modifying it is via postgresql.conf.

			regards, tom lane
