On Mon, Sep 3, 2012 at 8:51 PM, Tom Lane <t...@sss.pgh.pa.us> wrote:
> Magnus Hagander <mag...@hagander.net> writes:
>> On Mon, Sep 3, 2012 at 7:07 PM, Tom Lane <t...@sss.pgh.pa.us> wrote:
>>> Hmm, after looking at src/port/kill.c it doesn't seem like there's much
>>> of a problem with doing that.  I had had the idea that our kill
>>> emulation only worked within the backend environment, but of course
>>> pg_ctl wouldn't work if that were so.  So this is easier than I thought.
>> Yeah, kill works fine from non-backend as long as the *receiver* has
>> our backend environment.
> I have another question after thinking about that for a while: is there
> any security concern there?  On Unix-oid systems, we expect the kernel
> to restrict who can do a kill() on a postgres process.  If there's any
> similar restriction on who can send to that named pipe in the Windows
> version, it's not obvious from the code.  Do we have/need any
> restriction there?

We use the default for CreateNamedPipe() which is:
"The ACLs in the default security descriptor for a named pipe grant
full control to the LocalSystem account, administrators, and the
creator owner. They also grant read access to members of the Everyone
group and the anonymous account."

Given that we only respond to writes (we don't "publish information"
over it), I think that's a reasonable default to use.

 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/

Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
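
Added example, not part of the original message or of PostgreSQL's code: a small audit helper that parses a pipe's security descriptor in SDDL form and lists which trustees hold write access, the right that matters when the kill-emulation pipe only acts on writes. Both SDDL strings are constructed (the first from the quoted default-ACL description, with CO standing in for the creating account's SID), the function names are hypothetical, and group membership is not resolved.

```python
import re

FILE_WRITE_DATA = 0x0002          # needed by a client that writes to the pipe
FILE_ALL, FILE_READ, FILE_WRITE, FILE_EXEC = 0x1F01FF, 0x120089, 0x120116, 0x1200A0

# SDDL rights mnemonics -> access mask; generic rights use the file mapping.
RIGHTS = {"FA": FILE_ALL, "FR": FILE_READ, "FW": FILE_WRITE, "FX": FILE_EXEC,
          "GA": FILE_ALL, "GR": FILE_READ, "GW": FILE_WRITE, "GX": FILE_EXEC,
          "RC": 0x20000, "SD": 0x10000, "WD": 0x40000, "WO": 0x80000}

def pairs(s):
    """Split a run of two-letter SDDL codes, e.g. 'CIIO' -> ['CI', 'IO']."""
    return [s[i:i + 2] for i in range(0, len(s), 2)]

def parse_mask(rights):
    if rights.lower().startswith("0x"):
        mask = int(rights, 16)
        if mask & 0x10000000: mask |= FILE_ALL     # raw GENERIC_ALL bit
        if mask & 0x40000000: mask |= FILE_WRITE   # raw GENERIC_WRITE bit
        return mask
    mask = 0
    for code in pairs(rights):
        if code not in RIGHTS:
            raise ValueError(f"unhandled rights code {code!r}")  # fail closed
        mask |= RIGHTS[code]
    return mask

def pipe_writers(sddl):
    """Trustees whose own ACEs allow FILE_WRITE_DATA (group membership is not resolved)."""
    dacl = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    if not dacl:
        raise ValueError("no DACL in SDDL string")
    granted, denied = {}, {}
    for ace in re.findall(r"\(([^)]*)\)", dacl.group(1)):
        ace_type, flags, rights, _obj, _inh, trustee = ace.split(";")[:6]
        if "IO" in pairs(flags):          # inherit-only: not applied to this object
            continue
        mask = parse_mask(rights)
        if ace_type == "D":               # earlier deny wins over a later allow
            denied[trustee] = denied.get(trustee, 0) | mask
        elif ace_type == "A":
            granted[trustee] = granted.get(trustee, 0) | (mask & ~denied.get(trustee, 0))
    return sorted(t for t, m in granted.items() if m & FILE_WRITE_DATA)

# Constructed SDDL strings, not captured from a system. DEFAULT_PIPE encodes the
# quoted description; CO stands in for the creating account's SID.
DEFAULT_PIPE = "D:(A;;FA;;;SY)(A;;FA;;;BA)(A;;FA;;;CO)(A;;FR;;;WD)(A;;FR;;;AN)"
LOOSE_PIPE = "O:BAG:BAD:(A;;FA;;;SY)(A;;FRFW;;;WD)(A;CIIO;GA;;;AN)(A;;0x12019f;;;AU)"
```

With the constructed default descriptor, Everyone (WD) and anonymous (AN) do not appear among the writers; the loose descriptor shows what the same check reports when a write ACE for a broad group slips in.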