From: | Magnus Hagander <magnus(at)hagander(dot)net> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Amit Kapila <amit(dot)kapila(at)huawei(dot)com>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: Proof of concept: standalone backend with full FE/BE protocol |
Date: | 2012-09-03 18:55:52 |
Message-ID: | CABUevEyArz5AEBYgU6SdZARheWQ41kExwx-TgTLC8PtJ4zet6g@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Mon, Sep 3, 2012 at 8:51 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Magnus Hagander <magnus(at)hagander(dot)net> writes:
>> On Mon, Sep 3, 2012 at 7:07 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>>> Hmm, after looking at src/port/kill.c it doesn't seem like there's much
>>> of a problem with doing that. I had had the idea that our kill
>>> emulation only worked within the backend environment, but of course
>>> pg_ctl wouldn't work if that were so. So this is easier than I thought.
>
>> Yeah, kill works fine from non-backend as long as the *receiver* has
>> our backend environment.
>
> I have another question after thinking about that for awhile: is there
> any security concern there? On Unix-oid systems, we expect the kernel
> to restrict who can do a kill() on a postgres process. If there's any
> similar restriction on who can send to that named pipe in the Windows
> version, it's not obvious from the code. Do we have/need any
> restriction there?
We use the default for CreateNamedPipe() which is:
" The ACLs in the default security descriptor for a named pipe grant
full control to the LocalSystem account, administrators, and the
creator owner. They also grant read access to members of the Everyone
group and the anonymous account."
(ref: http://msdn.microsoft.com/en-us/library/windows/desktop/aa365150(v=vs.85).aspx)
Given that we only respond to writes (we don't "publish information"
over it), I think that's a reasonable default to use.
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
From | Date | Subject | |
---|---|---|---|
Next Message | Andrew Dunstan | 2012-09-03 18:57:08 | Re: pg_upgrade del/rmdir path fix |
Previous Message | Tom Lane | 2012-09-03 18:51:36 | Re: Proof of concept: standalone backend with full FE/BE protocol |