26.10.2016, 21:34, Andres Freund wrote:
Any chance that plsh or the script it executes does anything with the file 
descriptors it inherits? That'd certainly be one way to get into odd corruption 
issues.

We processor really should use O_CLOEXEC for the majority of it file handles.

Attached a patch to always use O_CLOEXEC in BasicOpenFile if we're not using EXEC_BACKEND. It'd be nice to not expose all fds to most pl-languages either, but I guess there's no easy solution to that without forcibly closing all fds whenever any functions are called.

/ Oskari
From 50d7410b895a1aae26c7001f11bd0d71a200ef96 Mon Sep 17 00:00:00 2001
From: Oskari Saarenmaa <o...@aiven.io>
Date: Wed, 2 Nov 2016 16:42:36 +0200
Subject: [PATCH] BasicOpenFile: always use O_CLOEXEC if it is available

---
 src/backend/storage/file/fd.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git src/backend/storage/file/fd.c src/backend/storage/file/fd.c
index b7ff5ef..6cbe378 100644
--- src/backend/storage/file/fd.c
+++ src/backend/storage/file/fd.c
@@ -894,7 +894,19 @@ BasicOpenFile(FileName fileName, int fileFlags, int fileMode)
 	int			fd;
 
 tryAgain:
-	fd = open(fileName, fileFlags, fileMode);
+	fd = open(fileName, fileFlags, fileMode
+#if defined(O_CLOEXEC) && !defined(EXEC_BACKEND)
+	/*
+	 * We don't want exec'd processes to inherit our file handles unless
+	 * EXEC_BACKEND is used.  We don't expect execve() calls inside the
+	 * postgres code, but extensions and pl-languages may spawn new
+	 * processes that either don't work due to having no usable file
+	 * descriptors or write garbage in the files previously opened by
+	 * us.
+	 */
+					| O_CLOEXEC
+#endif
+		);
 
 	if (fd >= 0)
 		return fd;				/* success! */
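Review bot: In the open() call, the added "| O_CLOEXEC" line follows fileMode, so the flag is ORed into the third (mode) argument instead of fileFlags, and the descriptor is still inherited across exec. Set it on the flags instead, for example "fileFlags |= O_CLOEXEC;" under the same "#if defined(O_CLOEXEC) && !defined(EXEC_BACKEND)" guard ahead of the tryAgain: label; that also moves the preprocessor conditional and the comment out of the argument list, where they are hard to read. The comment could also say why EXEC_BACKEND builds are excluded, since the hunk only states that they are.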
-- 
2.5.5

-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
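
Added example, not part of the original message or the attached patch: a small C program for the inheritance question raised in this thread. It shows that a descriptor opened without O_CLOEXEC is still open in an exec'd child, that one opened with O_CLOEXEC in the flags argument is not, and that the flag has no such effect in open()'s third (mode) argument. The helper name fd_survives_exec, the use of /dev/null and the /bin/sh probe are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/*
 * Added example, not PostgreSQL code.  Open /dev/null with the given flags
 * and mode, then fork and exec /bin/sh, which tries to use the same
 * descriptor number.  Returns 1 if the exec'd child still had the
 * descriptor, 0 if it was closed on exec, -1 on error.
 */
int
fd_survives_exec(int flags, unsigned int mode)
{
	char		cmd[64];
	int			status;
	pid_t		pid;
	int			fd = open("/dev/null", flags, mode);

	if (fd < 0)
		return -1;
	/* "exec <&N" fails in the shell when descriptor N is not open */
	snprintf(cmd, sizeof(cmd), "exec 2>/dev/null <&%d", fd);

	pid = fork();
	if (pid == 0)
	{
		execl("/bin/sh", "sh", "-c", cmd, (char *) NULL);
		_exit(127);				/* exec itself failed */
	}
	close(fd);
	if (pid < 0 || waitpid(pid, &status, 0) < 0 ||
		!WIFEXITED(status) || WEXITSTATUS(status) == 127)
		return -1;
	return WEXITSTATUS(status) == 0;
}

int
main(void)
{
	printf("plain open:         %d\n", fd_survives_exec(O_RDONLY, 0));
	printf("O_CLOEXEC in flags: %d\n", fd_survives_exec(O_RDONLY | O_CLOEXEC, 0));
	/* The third argument is the creation mode; the flag does nothing there. */
	printf("O_CLOEXEC in mode:  %d\n", fd_survives_exec(O_RDONLY, 0600 | O_CLOEXEC));
	return 0;
}
```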
