| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Magnus Hagander <magnus(at)hagander(dot)net> |
| Cc: | Amit Kapila <amit(dot)kapila(at)huawei(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Proof of concept: standalone backend with full FE/BE protocol |
| Date: | 2012-09-03 19:10:22 |
| Message-ID: | 23137.1346699422@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Magnus Hagander <magnus(at)hagander(dot)net> writes:
> On Mon, Sep 3, 2012 at 8:51 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>> I have another question after thinking about that for awhile: is there
>> any security concern there? On Unix-oid systems, we expect the kernel
>> to restrict who can do a kill() on a postgres process. If there's any
>> similar restriction on who can send to that named pipe in the Windows
>> version, it's not obvious from the code. Do we have/need any
>> restriction there?
> We use the default for CreateNamedPipe() which is:
> " The ACLs in the default security descriptor for a named pipe grant
> full control to the LocalSystem account, administrators, and the
> creator owner. They also grant read access to members of the Everyone
> group and the anonymous account."
> (ref: http://msdn.microsoft.com/en-us/library/windows/desktop/aa365150(v=vs.85).aspx)
Hm. The write protections sound fine ... but what's the semantics of
reading, is it like Unix pipes? If so, couldn't a random third party
drain the pipe by reading from it, and thereby cause signals to be lost?
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jeff Janes | 2012-09-03 19:12:14 | Re: [WIP PATCH] for Performance Improvement in Buffer Management |
| Previous Message | Tom Lane | 2012-09-03 19:05:00 | Re: 9.2 pg_upgrade regression tests on WIndows |