Tom Lane wrote:
> > Claudio Natoli wrote:
> >> The only things I've thought of so far are:
> >> a) sticking the PID/cancel key list in shared mem [yeech]
> >> b) rearranging the entire cancel handling to occur in the postmaster [double
> >> yeech]
> (a) seems like the lesser of the available evils (unless someone has a
> bright idea for a plan C).
> Bruce Momjian <[EMAIL PROTECTED]> writes:
> > I think we need to move in the direction of a separate fork/exec-only
> > shared memory segment that holds the pids and cancel keys for all the
> > backends.
> That doesn't seem worth the trouble.  I'd be inclined to just stick the
> cancel keys in the PGPROC structures (I believe the PIDs are already in
> there).  The original motivation for keeping them only in postmaster
> local memory was to keep backend A's cancel key away from the prying
> eyes of backend B, but is there really any security added?  Anyone who
> can inspect PGPROC hardly needs to know the cancel key --- he can just
> issue a SIGINT (or worse) directly to the target backend.

Agreed.  I was going for a separate one just to be paranoid.  This will
only be done for exec(), so I don't see a problem for normal Unix use

  Bruce Momjian                        |
  [EMAIL PROTECTED]               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073

---------------------------(end of broadcast)---------------------------
TIP 6: Have you searched our list archives?


Reply via email to