| From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, Jeff Janes <jeff(dot)janes(at)gmail(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: danger of stats_temp_directory = /dev/shm |
| Date: | 2013-04-26 15:40:14 |
| Message-ID: | CA+TgmoYnNi6UCt_73swjQQDe-ktkhP9oQTz4f+2b7NKxgzdNXw@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, Apr 25, 2013 at 12:09 AM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Alvaro Herrera <alvherre(at)2ndquadrant(dot)com> writes:
>> Jeff Janes escribió:
>>> With the stats file split patch 187492b6c2e8cafc5 introduced in 9.3dev, now
>>> after a crash the postmaster will try to delete all files in the directory
>>> stats_temp_directory. When that is just a subdirectory of PGDATA, this is
>>> fine. But it seems rather hostile when it is set to a shared directory,
>>> like the popular /dev/shm.
>
>>> Does this need to be fixed, or at least documented?
>
>> I think we need it fixed so that it only deletes the files matching a
>> well-known pattern.
>
> I think we need it fixed to reject any stats_temp_directory that is not
> postgres-owned with restrictive permissions. The problem here is not
> with what it deletes, it's with the insanely insecure configuration.
Only deleting files matching the relevant pattern might not be a bad
idea either, though.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Paul Hinze | 2013-04-26 15:59:52 | Re: [ADMIN] Simultaneous index creates on different schemas cause deadlock? |
| Previous Message | Robert Haas | 2013-04-26 15:38:51 | Re: Recovery target 'immediate' |