Comment 0 for bug 1042556

Craig Ringer (ringerc) wrote :

Hi

The Debian packages for PostgreSQL (and thus the Ubuntu packages because of the shared use of pg_wrapper) are subject to a potentially critical data loss bug because of an unsafe procedure for restarting PostgreSQL.

This issue has been recognised and patched in Debian:

    http://anonscm.debian.org/loggerhead/pkg-postgresql/postgresql-common/trunk/revision/1181
    http://archives.postgresql.org/pgsql-general/2012-07/msg00501.php

but should be urgently included in Ubuntu and backported.

I quote Tom Lane (key PostgreSQL dev):

        [The] forced unlink on the postmaster.pid file [...] (a) is entirely
        unnecessary, and (b) defeats the safety interlock against starting a
        new postmaster before all the old backends have flushed out.

It is VITAL that pg_wrapper NEVER unlink the postmaster.pid file. The postmaster will do that itself if it finds the pid to be stale, but only after performing some checks to make sure there are no backends still running and to ensure that there's no other postmaster running against the database.

See:
    http://archives.postgresql.org/pgsql-general/2012-07/msg00475.php

Context here:

    http://archives.postgresql.org/pgsql-general/2012-07/msg00350.php
    http://dba.stackexchange.com/questions/20959/recover-postgresql-database-from-wal-errors-on-startup/20961
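
An added example, not part of the report above and not code from pg_wrapper or postgresql-common: a sketch of a wrapper-side pre-start check that inspects postmaster.pid but never removes it, leaving the staleness decision to the postmaster. The function names are hypothetical, and it assumes the script runs as the postmaster's user or root.

```shell
#!/bin/sh
# Hypothetical helper names; not from pg_wrapper or postgresql-common.

# Print the state of DATADIR/postmaster.pid without ever modifying it:
#   absent | running <pid> | postmaster-gone <pid> | unreadable
pidfile_state() {
    pidfile="$1/postmaster.pid"
    [ -e "$pidfile" ] || { echo "absent"; return 0; }
    # The first line of postmaster.pid is the postmaster's PID.
    pid=$(head -n 1 "$pidfile" 2>/dev/null | tr -d '[:space:]')
    case "$pid" in
        ''|*[!0-9]*) echo "unreadable"; return 0 ;;
    esac
    # kill -0 probes for the process without signalling it. Assumes we run
    # as the postmaster's user or root, otherwise EPERM looks like "gone".
    if kill -0 "$pid" 2>/dev/null; then
        echo "running $pid"
    else
        echo "postmaster-gone $pid"
    fi
}

# Decide whether a wrapper may hand off to the postmaster.
# Returns 0 = go ahead and start, 1 = refuse. Never unlinks.
may_start() {
    state=$(pidfile_state "$1")
    case "$state" in
        running*)
            echo "refusing to start: postmaster still $state" >&2
            return 1 ;;
        postmaster-gone*|unreadable)
            # The postmaster being gone does not prove its backends are.
            # Leave the file in place: the new postmaster runs its own
            # checks and removes it only if it is really stale.
            echo "leaving postmaster.pid in place ($state)" >&2
            return 0 ;;
        *)  return 0 ;;
    esac
}
```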