From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Alvaro Herrera <alvherre(at)2ndquadrant(dot)com> |
Cc: | Jeff Janes <jeff(dot)janes(at)gmail(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: danger of stats_temp_directory = /dev/shm |
Date: | 2013-04-25 04:09:50 |
Message-ID: | 12653.1366862990@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Alvaro Herrera <alvherre(at)2ndquadrant(dot)com> writes:
> Jeff Janes escribi:
>> With the stats file split patch 187492b6c2e8cafc5 introduced in 9.3dev, now
>> after a crash the postmaster will try to delete all files in the directory
>> stats_temp_directory. When that is just a subdirectory of PGDATA, this is
>> fine. But it seems rather hostile when it is set to a shared directory,
>> like the popular /dev/shm.
>> Does this need to be fixed, or at least documented?
> I think we need it fixed so that it only deletes the files matching a
> well-known pattern.
I think we need it fixed to reject any stats_temp_directory that is not
postgres-owned with restrictive permissions. The problem here is not
with what it deletes, it's with the insanely insecure configuration.
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Josh Berkus | 2013-04-25 04:15:33 | Please add discussion topics for cluster-hackers meeting |
Previous Message | Jeff Davis | 2013-04-25 02:59:32 | Re: Enabling Checksums |