On 2017-10-01 17:47:52 -0400, Andrew Dunstan wrote:
>
>
> On 10/01/2017 04:48 PM, Andres Freund wrote:
> > On 2017-10-01 16:42:44 -0400, Tom Lane wrote:
> >> Andrew Dunstan <andrew.duns...@2ndquadrant.com> writes:
> >>> On 09/30/2017 10:32 PM, Andres Freund wrote:
> >>>> Heh. I'm inclined to take it out. We could add a --use-the-force-luke
> >>>> type parameter, but it doesn't seem worth it.
> >>> I agree, but I think we need this discussed on -hackers. Does anyone
> >>> have an objection to allowing "pg_ctl kill KILL somepid"? As Andres
> >>> points out, in most places you can just call kill from the command line
> >>> anyway, so disallowing it is not really a security feature. Having it
> >>> would let us have portable crash restart tests.
> >> +1 for portable tests, but it still seems like something we don't want
> >> to encourage users to use. What do you think of leaving it out of the
> >> documentation?
> > As far as I can tell we've not documented the set of acceptable signals
> > anywhere but the source. I think we can just keep it that way?
>
>
> As documented it's in the help text:
>
> printf(_("\nAllowed signal names for kill:\n"));
> printf(" ABRT HUP INT QUIT TERM USR1 USR2\n");
Oh, hm. I'd looked above.
> So we can leave it out of there. OTOH I'm not a huge fan of security by
> obscurity. I guess this wouldn't be too bad a case.
I'd personally include it, given that we already allow and document
ABRT. There's no meaningful difference between the two.
Greetings,
Andres Freund
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
