On Thu, Apr 25, 2013 at 12:09 AM, Tom Lane <t...@sss.pgh.pa.us> wrote: > Alvaro Herrera <alvhe...@2ndquadrant.com> writes: >> Jeff Janes escribió: >>> With the stats file split patch 187492b6c2e8cafc5 introduced in 9.3dev, now >>> after a crash the postmaster will try to delete all files in the directory >>> stats_temp_directory. When that is just a subdirectory of PGDATA, this is >>> fine. But it seems rather hostile when it is set to a shared directory, >>> like the popular /dev/shm. > >>> Does this need to be fixed, or at least documented? > >> I think we need it fixed so that it only deletes the files matching a >> well-known pattern. > > I think we need it fixed to reject any stats_temp_directory that is not > postgres-owned with restrictive permissions. The problem here is not > with what it deletes, it's with the insanely insecure configuration.
Only deleting files matching the relevant pattern might not be a bad idea either, though. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
