| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers(at)postgreSQL(dot)org |
| Subject: | Re: Back-patch use of unnamed POSIX semaphores for Linux? |
| Date: | 2016-12-07 14:33:57 |
| Message-ID: | 20161207143357.GX23417@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
All,
* Peter Eisentraut (peter(dot)eisentraut(at)2ndquadrant(dot)com) wrote:
> On 12/6/16 9:53 PM, Tom Lane wrote:
> > I think we should give serious consideration to back-patching commit
> > ecb0d20a9, which changed the default semaphore type to unnamed-POSIX
> > on Linux.
>
> Even with that change, dynamic shared memory is still vulnerable to be
> removed. So backpatching the semaphore change wouldn't achieve any new
> level of safety for users so that we could tell them, "you're good now".
I tend to agree with Peter, Magnus, and Craig on this. If you aren't
running PG as a system user on a system where systemd feels happy to
kill processes and remove shared memory segments and semaphores when you
log out, no amount of back-patching of anything is going to make you
'safe'. As noted in the thread referenced, users who are trying to
(mistakenly) do this are already having to modify their logind.conf file
to not have PG outright killed when they log out, it's on them to make
sure systemd doesn't do other stupid things when they log out too if
they really want PG to be run as their user account.
Thanks!
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2016-12-07 14:37:31 | Re: Test "tablespace" fails during `make installcheck` on master-replica setup |
| Previous Message | Kevin Grittner | 2016-12-07 14:27:23 | Re: Separate connection handling from backends |