On Friday, September 07, 2012 11:19 PM Tom Lane wrote: Heikki Linnakangas <hlinn...@iki.fi> writes: >> Would socketpair(2) be simpler?
>I've not done anything yet about the potential security issues >associated with untrusted libpq connection strings. I think this >is still at the proof-of-concept stage; in particular, it's probably > time to see if we can make it work on Windows before we worry more >about that. I have started working on this patch to make it work on Windows. The 3 main things to make it work are: 1. Windows equivalent for socketpair - This as suggested previously in this thread earlier code of pgpipe can suffice the need. Infact I have checked on net as well, most implementations are similar to pgpipe implementation. So I prefered to use the existing code which was removed. 2. Windows equivalent for fork-execv - This part can be done by CreateProcess,it can be similar to internal_forkexec except for path where it uses shared memory to pass parameters, I am trying to directly pass parameters to CreateProcess. 3. Windows equivalent for waitpid - Actually there can be 2 ways to accomplish this a. use waitforsingleobject with process handle, but in some places it is mentioned it might not work for all windows versions. Can someone pls confirm about. I shall try on my PC to test the same. b. use existing infrastructure of waitpid, however it is not for single process and it might need some changes to make it work for single process or may be we can use it directly. However currently it is in postmaster.c, so it need to be moved so that we can access it from fe-connect.c in libpq as well. c. suggest if you know of other ways to handle it or which from above 2 would be better? Some other doubts: 1. does this follow the behavior that admin users will not be allowed to invoke postgres child process? 2. to find standalone_backend incase user didn't input, do we need mechanism similar to getInstallationPaths()? Any other comments/suggestions? With Regards, Amit Kapila. -- Sent via pgsql-hackers mailing list (email@example.com) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers