On 2014-06-10 11:14:43 -0400, Tom Lane wrote: > Sure, but what's that have to do with this? Any Red Hat or PGDG RPM will > come with this code already enabled in the build, so there is no need for > anyone to have a GUC to play around with the behavior.
That's imo a fair point. Unless I misunderstand things Gurjeet picked the topic up again because he wants to increase the priority of the children. Is that correct Gurjeet? I do think a GUC might be a nicer interface for this than a #define. Possibly even with a absolute reset value for the children. But only because there's no way, afaics, to explicitly reset to the default value. > >> I remain of the opinion that allowing nonprivileged people to decide > >> whether that code is active or not is unsafe from a system level. > > > On what factual basis? > > Because it would convert the intended behavior (postmaster and only > postmaster is exempt from OOM kill) into a situation where possibly > all of the database processes are exempt from OOM kill, at the whim > of somebody who should not have the privilege to decide that. Meh^3. By that argument we need to forbid superusers to create any form of untrusted functions. Forbid anything that does malloc(), system(), fork(), whatever from a user's influence. Superusers can execute code in the postmaster using shared_preload_libraries. Feigning that that's not possible isn't buying us anything. Greetings, Andres Freund -- Andres Freund http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Training & Services -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
