Re: danger of stats_temp_directory = /dev/shm

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>
Cc: Jeff Janes <jeff(dot)janes(at)gmail(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: danger of stats_temp_directory = /dev/shm
Date: 2013-04-25 04:09:50
Message-ID: 12653.1366862990@sss.pgh.pa.us
Lists: pgsql-hackers

Alvaro Herrera <alvherre(at)2ndquadrant(dot)com> writes:
> Jeff Janes wrote:
>> With the stats file split patch 187492b6c2e8cafc5 introduced in 9.3dev, now
>> after a crash the postmaster will try to delete all files in the directory
>> stats_temp_directory. When that is just a subdirectory of PGDATA, this is
>> fine. But it seems rather hostile when it is set to a shared directory,
>> like the popular /dev/shm.

>> Does this need to be fixed, or at least documented?

> I think we need it fixed so that it only deletes the files matching a
> well-known pattern.

I think we need it fixed to reject any stats_temp_directory that is not
postgres-owned with restrictive permissions. The problem here is not
with what it deletes, it's with the insanely insecure configuration.

regards, tom lane
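
The check proposed in the message above (refuse a stats_temp_directory that is not owned by the server's user or that grants any group or world access), sketched as an added example; it is not code from the thread or from the PostgreSQL source. The function name `check_stats_temp_dir`, the `stats_dir_status` codes, and the choice to refuse symlinks are assumptions of this example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical result codes for this example (not PostgreSQL identifiers). */
typedef enum {
    STATS_DIR_OK = 0,
    STATS_DIR_MISSING,   /* path cannot be examined */
    STATS_DIR_NOT_DIR,   /* not a directory; a symlink lands here too */
    STATS_DIR_BAD_OWNER, /* owned by a different user */
    STATS_DIR_BAD_MODE   /* group or world has some access */
} stats_dir_status;

stats_dir_status check_stats_temp_dir(const char *path)
{
    struct stat st;

    /* lstat() examines the path itself, so a symlink pointing into a
     * shared location is refused rather than followed (example's choice). */
    if (lstat(path, &st) != 0)
        return STATS_DIR_MISSING;
    if (!S_ISDIR(st.st_mode))
        return STATS_DIR_NOT_DIR;
    /* Must belong to the user this process runs as. */
    if (st.st_uid != geteuid())
        return STATS_DIR_BAD_OWNER;
    /* Any group/other bit means other users can list or create files
     * there; /dev/shm is normally mode 1777 and fails at this point
     * (or at the owner check when the server is not running as root). */
    if (st.st_mode & (S_IRWXG | S_IRWXO))
        return STATS_DIR_BAD_MODE;
    return STATS_DIR_OK;
}

int main(int argc, char **argv)
{
    static const char *const msg[] = {
        "ok", "cannot stat", "not a directory",
        "not owned by this user", "group/world access allowed"
    };
    const char *path = argc > 1 ? argv[1] : "/dev/shm";
    stats_dir_status s = check_stats_temp_dir(path);

    printf("%s: %s\n", path, msg[s]);
    return s == STATS_DIR_OK ? 0 : 1;
}
```

With a check like this run at startup, before any cleanup pass, the configured directory is known not to be shared with other users by the time files in it are deleted.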
