From: | Magnus Hagander <magnus(at)hagander(dot)net> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Josh Berkus <josh(at)agliodbs(dot)com> |
Subject: | Re: danger of stats_temp_directory = /dev/shm |
Date: | 2013-08-15 06:20:58 |
Message-ID: | CABUevEzHdwBgapH8kT8h4anu7O2snYw6Megd_wo1v-JuhT9Apg@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Aug 15, 2013 3:44 AM, "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>
> Josh Berkus <josh(at)agliodbs(dot)com> writes:
> >> Before 9.3, it would delete one specific file from a potentially shared
> >> directory. In 9.3 it deletes the entire contents of a potentially
shared
> >> directory. That is a massive expansion in the surface area for
> >> unintentional deletion. If we will disallow using shared directories
> >> before the time 9.3 is released, that would fix it one way, but I don't
> >> know if that is the plan or not.
>
> > I can't see doing that. I can see adding the requirement for 9.3, and
> > then documenting it though.
>
> I think we should change 9.3 to be restrictive about ownership/permissions
> on the stats_temp_directory (ie, require owner = postgres user,
> permissions = 0700, same as for the $PGDATA directory). I agree that
> back-patching such a change to the older branches is probably not a good
+1
>
> In addition to that, it might be a good idea to do what the comment in the
> code suggests, namely do more than zero checking on each file name to try
> to make sure it looks like a stats temp file name that we'd generate
> before we delete it. The ownership/permissions test wouldn't be enough
> to prevent you from pointing at, say, ~postgres and thereby losing some
> files you'd rather not.
+1 on that as well. It shouldn't be that hard to do.
/Magnus
From | Date | Subject | |
---|---|---|---|
Next Message | Magnus Hagander | 2013-08-15 07:51:32 | psql missing tab completion for extensions |
Previous Message | Amit Kapila | 2013-08-15 04:37:46 | Re: StrategyGetBuffer optimization, take 2 |