On Mon, Sep 3, 2012 at 8:51 PM, Tom Lane <t...@sss.pgh.pa.us> wrote: > Magnus Hagander <mag...@hagander.net> writes: >> On Mon, Sep 3, 2012 at 7:07 PM, Tom Lane <t...@sss.pgh.pa.us> wrote: >>> Hmm, after looking at src/port/kill.c it doesn't seem like there's much >>> of a problem with doing that. I had had the idea that our kill >>> emulation only worked within the backend environment, but of course >>> pg_ctl wouldn't work if that were so. So this is easier than I thought. > >> Yeah, kill works fine from non-backend as long as the *receiver* has >> our backend environment. > > I have another question after thinking about that for awhile: is there > any security concern there? On Unix-oid systems, we expect the kernel > to restrict who can do a kill() on a postgres process. If there's any > similar restriction on who can send to that named pipe in the Windows > version, it's not obvious from the code. Do we have/need any > restriction there?
We use the default for CreateNamedPipe() which is: " The ACLs in the default security descriptor for a named pipe grant full control to the LocalSystem account, administrators, and the creator owner. They also grant read access to members of the Everyone group and the anonymous account." (ref: http://msdn.microsoft.com/en-us/library/windows/desktop/aa365150(v=vs.85).aspx) Given that we only respond to writes (we don't "publish information" over it), I think that's a reasonable default to use. -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/ -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
