| From: | "Fujii Masao" <masao(dot)fujii(at)gmail(dot)com> |
|---|---|
| To: | "ITAGAKI Takahiro" <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp> |
| Cc: | pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Comments to Synchronous replication patch v3 |
| Date: | 2008-11-28 03:27:02 |
| Message-ID: | 3f0b79eb0811271927q595f1587qde5a6e4a641dd731@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hello,
On Tue, Nov 25, 2008 at 6:03 PM, Fujii Masao <masao(dot)fujii(at)gmail(dot)com> wrote:
>> [2] User-configurable replication_timeout is dangerous
>> Index: backend/utils/misc/guc.c
>> + {"replication_timeout", PGC_USERSET, WAL_REPLICATION,
>>
>> You export replication_timeout as a PGC_USERSET variable, but it is
>> dangerous. It allows non-superusers to kill servers easily by setting it
>> too low value. Walsender dies with FATAL on timeout.
Unlike other background processes, FATAL by walsender doesn't kill the
whole server. In FATAL case, walsender is treated like the normal backend,
and only walsender dies. Please see reaper() in postmaster.c.
Just to be safe, I re-export the parameter as PGC_SUSET in the latest
patch. Is still this parameter dangerous?
Regards,
--
Fujii Masao
NIPPON TELEGRAPH AND TELEPHONE CORPORATION
NTT Open Source Software Center
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Fujii Masao | 2008-11-28 03:43:40 | Re: New trigger file in pg_standby to promote the standby to the primary |
| Previous Message | Fujii Masao | 2008-11-28 02:45:19 | Synchronous replication patch v4 |