On 2013-08-19 13:50:38 -0400, Alvaro Herrera wrote:
> Tom Lane wrote:
>
> > I think we should change 9.3 to be restrictive about ownership/permissions
> > on the stats_temp_directory (ie, require owner = postgres user,
> > permissions = 0700, same as for the $PGDATA directory).
>
> Not an easy thing to do, this. It should be done as a GUC check hook,
> ISTM, but this doesn't work because the first time those are run we
> haven't yet changed to the data directory, and so any relative path
> (which the default value is) will cause the check to fail (I *assume*
> setting an absolute path would work, but I haven't tried). We could
> skip the check on the first run, and verify the directory separately in
> PostmasterMain() after changing CWD, but I don't see any way to detect
> that we're in the initial run of GUC processing. Any thoughts? Maybe
> the idea of using a GUC check hook is flawed, but I don't think so
> because we also need to verify a directory when the setting changes on
> SIGHUP.

Hm. Is a check like that actually sufficient? The idea of setting
stats_temp_directory to /dev/shm/postgres or similar in all of several
clusters on one machine doesn't seem to be that far-fetched.

The only idea I have to prevent that is writing some minimal
pg_control-like file into the temp stats directory iff it's empty. Then,
when reusing a stats temp directory, refuse to work unless it has the
same ids.

Greetings,

Andres Freund

--
 Andres Freund http://www.2ndQuadrant.com/
 PostgreSQL Development, 24x7 Support, Training & Services
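
Added example, not part of the thread and not PostgreSQL code: a stand-alone C sketch that combines the ownership/mode rule quoted above with the identity-file idea from the reply. The names `claim_stats_dir`, `dir_is_empty` and the marker file `cluster.id` are hypothetical, `cluster_id` stands in for whatever identifier the cluster would record, and refusing a non-empty directory that has no marker is an assumption of this sketch.

```c
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum { DIR_OK = 0, DIR_ERROR = -1, DIR_BAD_PERMS = -2, DIR_FOREIGN = -3 };
#define MARKER "cluster.id"   /* hypothetical marker file name */

/* 1 if path holds nothing but "." and "..", 0 if it has entries, -1 on error */
static int dir_is_empty(const char *path)
{
    DIR *d = opendir(path);
    struct dirent *e;
    int empty = 1;
    if (d == NULL) return -1;
    while (empty && (e = readdir(d)) != NULL)
        empty = !strcmp(e->d_name, ".") || !strcmp(e->d_name, "..");
    closedir(d);
    return empty;
}

/* Ownership/mode rule first (owner = us, mode 0700), then the identity file.
   cluster_id stands in for the cluster's identifier; assumed < 64 bytes. */
int claim_stats_dir(const char *path, const char *cluster_id)
{
    struct stat st;
    char file[4096], seen[64] = "";
    ssize_t n; int fd;
    if (stat(path, &st) != 0 || !S_ISDIR(st.st_mode)) return DIR_ERROR;
    if (st.st_uid != geteuid() || (st.st_mode & 0777) != 0700) return DIR_BAD_PERMS;
    if (snprintf(file, sizeof file, "%s/%s", path, MARKER) >= (int) sizeof file) return DIR_ERROR;

    fd = open(file, O_RDONLY);
    if (fd >= 0) {                     /* directory reused: ids must match */
        n = read(fd, seen, sizeof seen - 1);
        close(fd);
        if (n < 0) return DIR_ERROR;
        seen[n] = '\0';
        return strcmp(seen, cluster_id) == 0 ? DIR_OK : DIR_FOREIGN;
    }
    if (dir_is_empty(path) != 1) return DIR_FOREIGN; /* files, no marker: refuse */
    fd = open(file, O_WRONLY | O_CREAT | O_EXCL, 0600); /* fails if raced */
    if (fd < 0) return DIR_ERROR;
    n = write(fd, cluster_id, strlen(cluster_id));
    close(fd);
    return n == (ssize_t) strlen(cluster_id) ? DIR_OK : DIR_ERROR;
}
```

With two clusters running under the same OS user and pointed at the same directory, the owner and mode check passes for both; only the marker comparison makes the second one refuse.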