Bruce Momjian <[EMAIL PROTECTED]> writes:
> When you say sub-postmaster, you mean we fork, then process the cancel
> request?  Seems we might need special handling in there, yea.

We fork before we even read the request.  Otherwise an attacker can
trivially lock up the postmaster by sending a partial startup packet.

I've just noticed another serious bit of breakage in CVS tip (though
this might be fixed by Claudio's pending patch that reverts a lot of
the code rearrangements).  There is a reason why the 7.4 code does
on_exit_reset *immediately* after fork(), and it's not acceptable to
rearrange the code so that that happens at some random later time.
Otherwise, any problem in between leads to the child process executing
the postmaster's on_exit routines, with such pleasant side effects as
destroying the shmem segment.  For similar reasons, you don't get to
postpone setting IsUnderPostmaster true --- elog pays attention to the
value of that flag, and will do the wrong thing if called in a child
process that doesn't yet have it set.

                        regards, tom lane

---------------------------(end of broadcast)---------------------------
TIP 7: don't forget to increase your free space map settings

Reply via email to