Re: 9.2 beta2 - pg_ctl crashes on Win32 when neither PGDATA nor -D specified

Поиск
Список
Период
Сортировка
От Amit Kapila
Тема Re: 9.2 beta2 - pg_ctl crashes on Win32 when neither PGDATA nor -D specified
Дата
Msg-id 003a01cd49ed$f32ea690$d98bf3b0$@kapila@huawei.com
обсуждение исходный текст
Ответ на Re: 9.2 beta2 - pg_ctl crashes on Win32 when neither PGDATA nor -D specified  (Alvaro Herrera <alvherre@commandprompt.com>)
Список pgsql-bugs
Дерево обсуждения 
Please Find the patch based on idea I have suggested attached with this mai=
l.
Let me know your comments regarding the same.


-----Original Message-----
From: pgsql-bugs-owner@postgresql.org [mailto:pgsql-bugs-owner@postgresql.o=
rg] On Behalf Of Alvaro Herrera
Sent: Wednesday, June 13, 2012 9:23 PM
To: Amit Kapila
Cc: 'Edmund Horner'; Tom Lane; Pg Bugs; Bruce Momjian
Subject: Re: [BUGS] 9.2 beta2 - pg_ctl crashes on Win32 when neither PGDATA=
 nor -D specified


Excerpts from Amit Kapila's message of mi=C3=A9 jun 13 00:53:47 -0400 2012:
> > Unfortunately in src/backend/main/main.c it only does a cursory check
> > for --help and --version.  So it would need to become a little more
> > complicated to scan for -C options at that stage.  It's not too much
> > if you can assume -C always appears first like the other special
> > options detected in that file.
>=20
> I am doubtful whether we should make such an exception for -C option, as
> this will
> be a change in behavior as compare to previous versions.=20
> How to do in code is next step.
> According to me the solution I have proposed is safer and already initdb
> handles in same way.
>=20
> I am waiting for other people opinion on this issue.

I agree with you.  The fact that we drop privileges is not only a
security measure; it's a robustness one as well.  With the current
setup, we can confidently say "it's not Postgres' fault" when the system
crashes with some weird kernel error.  A process running with
administrative privs is capable of doing privileged stuff that may
override safe interfaces provided by the operating system; a process
without admin privs is more constrained and should not be able to cause
the system to crash.  Any kernel crash, then, is not our responsibility.
If we allow -C to run with admin privs, we lose that.

--=20
=C3=81lvaro Herrera <alvherre@commandprompt.com>
The PostgreSQL Company - Command Prompt, Inc.
PostgreSQL Replication, Consulting, Custom Development, 24x7 support

--=20
Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-bugs

В списке pgsql-bugs по дате отправления:

Предыдущее
От: Bruce Momjian
Дата:
Сообщение: Re: BUG #6666: pg_upgrade 9.2beta1 plpython/plpython2
Следующее
От: ms@it-infrastrukturen.org
Дата:
Сообщение: BUG #6689: socket file name convention doesn't allow different IPs and the same port for different pgclusters