Michael Fuhr <mike@fuhr.org> writes:
> What about fork() followed by exec*(), either explicitly or via
> popen(), system(), etc.? Should these be avoided as well, or is
> there a safe way to do them? I'm thinking of the case where a
> user-defined function wants to invoke some external command -- I've
> done that in experiments but I've never been sure how safe it was.
Execing some new program is safe enough, although you might wish to
explicitly close the various sockets the backend holds to make sure
the new program doesn't maliciously scribble on them. (It may be worth
marking them close-on-exec, although doing this without breaking the
Windows port might be hard.)
The problem with the hack at hand is that you can't have two processes
sharing the same backend slot (not to mention the same transaction ID).
But launching something that isn't a backend is no problem.
regards, tom lane