Tom Lane wrote:
> > Claudio Natoli wrote:
> >> The only things I've thought of so far are:
> >> a) sticking the PID/cancel key list in shared mem [yeech]
> >> b) rearranging the entire cancel handling to occur in the postmaster [double
> >> yeech]
>
> (a) seems like the lesser of the available evils (unless someone has a
> bright idea for a plan C).
>
> Bruce Momjian <pgman@candle.pha.pa.us> writes:
> > I think we need to move in the direction of a separate fork/exec-only
> > shared memory segment that holds the pids and cancel keys for all the
> > backends.
>
> That doesn't seem worth the trouble. I'd be inclined to just stick the
> cancel keys in the PGPROC structures (I believe the PIDs are already in
> there). The original motivation for keeping them only in postmaster
> local memory was to keep backend A's cancel key away from the prying
> eyes of backend B, but is there really any security added? Anyone who
> can inspect PGPROC hardly needs to know the cancel key --- he can just
> issue a SIGINT (or worse) directly to the target backend.
Agreed. I was going for a separate one just to be paranoid. This will
only be done for exec(), so I don't see a problem for normal Unix use
anyway.
--
Bruce Momjian | http://candle.pha.pa.us
pgman@candle.pha.pa.us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
