From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | "Fujii Masao" <masao(dot)fujii(at)gmail(dot)com> |
Cc: | "ITAGAKI Takahiro" <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Comments to Synchronous replication patch v3 |
Date: | 2008-11-28 16:10:27 |
Message-ID: | 26328.1227888627@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
"Fujii Masao" <masao(dot)fujii(at)gmail(dot)com> writes:
>>> You export replication_timeout as a PGC_USERSET variable, but it is
>>> dangerous. It allows non-superusers to kill servers easily by setting it
>>> too low value. Walsender dies with FATAL on timeout.
> Unlike other background processes, FATAL by walsender doesn't kill the
> whole server. In FATAL case, walsender is treated like the normal backend,
> and only walsender dies. Please see reaper() in postmaster.c.
> Just to be safe, I re-export the parameter as PGC_SUSET in the latest
> patch. Is still this parameter dangerous?
If this parameter is only used by a background process, then both of
those are wrong. It should be marked SIGHUP to reflect the fact that
the only effective way of modifying it is via postgresql.conf.
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | David E. Wheeler | 2008-11-28 16:12:08 | Re: Distinct types |
Previous Message | Andrew Dunstan | 2008-11-28 16:09:21 | Re: Distinct types |