From: | "MauMau" <maumau307(at)gmail(dot)com> |
---|---|
To: | "Michael Paquier" <michael(dot)paquier(at)gmail(dot)com>, "Breen Hagan" <breen(at)rtda(dot)com> |
Cc: | "Heikki Linnakangas" <hlinnaka(at)iki(dot)fi>, "Alvaro Herrera" <alvherre(at)2ndquadrant(dot)com>, "PostgreSQL mailing lists" <pgsql-bugs(at)postgresql(dot)org> |
Subject: | Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled |
Date: | 2016-11-06 09:11:04 |
Message-ID: | 9415DAA827F74549B94EB17DF02EB699@tunaPC |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-bugs pgsql-hackers |
Hello,
From: Michael Paquier
(Moved to next CF, with same status "Ready for committer").
I reviewed and tested this patch after simplifying it like the
attached one. The file could be reduced by about 110 lines. Please
review and/or test it. Though I kept the status "ready for
committer", feel free to change it back based on the result.
I tested as follows. First, I confirmed that pg_is_admin() still
works by running postgres.exe from the Administrator command line:
--------------------------------------------------
G:\>postgres
Execution of PostgreSQL by a user with administrative permissions is
not
permitted.
The server must be started under an unprivileged user ID to prevent
possible system security compromises. See the documentation for
more information on how to properly start the server.
G:\>
--------------------------------------------------
Then, I added the following two elog() calls in postmaster.c so that
pg_is_admin() and pg_is_service() works fine.
--------------------------------------------------
maybe_start_bgworker();
elog(LOG, "pgwin32_is_admin = %d", pgwin32_is_admin());
elog(LOG, "pgwin32_is_service = %d", pgwin32_is_service());
status = ServerLoop();
--------------------------------------------------
To reproduce the OP's problem, I modified pg_ctl.c to disable
SECURITY_SERVICE_RID when spawning postgres.exe. Without the patch,
starting the Windows service emit the following log, showing that
pg_is_service() misjudged that postgres is running as a Windows
service:
LOG: pgwin32_is_admin = 0
LOG: pgwin32_is_service = 1
With the patch, the log became correct:
LOG: pgwin32_is_admin = 0
LOG: pgwin32_is_service = 0
Regards
Takayuki Tsunakawa
Attachment | Content-Type | Size |
---|---|---|
win32-security_service-v3.patch | application/octet-stream | 12.7 KB |
From | Date | Subject | |
---|---|---|---|
Next Message | MauMau | 2016-11-06 09:30:41 | Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled |
Previous Message | marcos.castedo | 2016-11-06 01:09:47 | BUG #14414: SPI_ERROR_CONNECT on stable plpgsql function used for domain check |
From | Date | Subject | |
---|---|---|---|
Next Message | MauMau | 2016-11-06 09:30:41 | Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled |
Previous Message | Michael Paquier | 2016-11-06 08:33:15 | Re: commitfest 2016-11 status summary |