On 07.09.2012 10:49, Tom Lane wrote:
> Heikki Linnakangas<hlinnaka@iki.fi> writes:
>> Would socketpair(2) be simpler?
>
> Attached is a revised version of the patch that uses socketpair(2).
> This is definitely a lot less invasive --- the backend side of the
> patch, in particular, is far shorter, and there are fewer portability
> hazards since we're not trying to replace sockets with pipes.
>
> I've not done anything yet about the potential security issues
> associated with untrusted libpq connection strings. I think this
> is still at the proof-of-concept stage; in particular, it's probably
> time to see if we can make it work on Windows before we worry more
> about that.
>
> I'm a bit tempted though to pull out and apply the portions of the
> patch that replace libpq's assorted ad-hoc closesocket() calls with
> a centralized pqDropConnection routine. I think that's probably a good
> idea independently of this feature.
Sounds good.
It's worth noting that now that libpq constructs the command line to
execute "postgres --child= -D <datadir>", we'll be stuck with that set
of arguments forever, because libpq needs to be able to talk to
different versions. Or at least we'd need to teach libpq to check the
version of binary and act accordingly, if we change that syntax. That's
probably OK, I don't feel any pressure to change those command line
arguments anyway.
- Heikki
