On Mon, Oct 17, 2016 at 2:14 PM, Tom Lane <t...@sss.pgh.pa.us> wrote:
> But in general, I think that being this picky about cancel keys on systems
> that are too old to have /dev/random is not really helpful to anybody.
> I don't recall any reports of anyone ever having a DOS situation from
> weak cancel keys.  It's fine to upgrade our practice where it's convenient
> to do that, but taking away functionality on systems where it's not
> convenient isn't improving anyone's life.

Right.  I strongly agree with that.  If somebody's running on a
platform where they don't have a good source of entropy, they are
clearly going to still want query cancel to work.  They are not going
to want ^C to start doing nothing, and they are *definitely* not going
to want PostgreSQL to fail to compile and/or start.  pgcrypto is a
different situation, but I think it's just crazy to say that the
problems with cancel keys are so bad that we should just refuse to run
at all.  Anyone who is in this situation has this problem not just
with PostgreSQL but with everything on their system that wishes it had
cryptographically strong random numbers, which is probably quite a bit
of stuff.  We shouldn't take the position that a machine without a
good PRNG is a brick.  They just have to accept that random number
generation will be weaker not only for PostgreSQL but for any software
whatever that they run on that machine.

Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)