Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled

From: "MauMau" <maumau307(at)gmail(dot)com>
To: "Michael Paquier" <michael(dot)paquier(at)gmail(dot)com>, "Breen Hagan" <breen(at)rtda(dot)com>
Cc: "Heikki Linnakangas" <hlinnaka(at)iki(dot)fi>, "Alvaro Herrera" <alvherre(at)2ndquadrant(dot)com>, "PostgreSQL Hackers" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled
Date: 2016-11-06 09:30:41
Message-ID: 952A88FFCBDA419EB6D6556B6A8F29C1@tunaPC
Lists: pgsql-bugs pgsql-hackers

Hello,

Sorry, I may have had to send this to pgsql-hackers. I just replied
to all, which did not include pgsql-hackers but pgsql-bugs because
this discussion was on pgsql-bugs. CommitFest app doesn't seem to
reflect the mails on pgsql-bugs, so I'm re-submitting this here on
pgsql-hackers.

From: Michael Paquier
(Moved to next CF, with same status "Ready for committer").

I reviewed and tested this patch after simplifying it like the
attached one. The file could be reduced by about 110 lines. Please
review and/or test it. Though I kept the status "ready for
committer", feel free to change it back based on the result.

I tested as follows. First, I confirmed that pg_is_admin() still
works by running postgres.exe from the Administrator command line:

--------------------------------------------------
G:\>postgres
Execution of PostgreSQL by a user with administrative permissions is not
permitted.
The server must be started under an unprivileged user ID to prevent
possible system security compromises. See the documentation for
more information on how to properly start the server.

G:\>
--------------------------------------------------

Then, I added the following two elog() calls in postmaster.c so that
pg_is_admin() and pg_is_service() work fine.

--------------------------------------------------
maybe_start_bgworker();

elog(LOG, "pgwin32_is_admin = %d", pgwin32_is_admin());
elog(LOG, "pgwin32_is_service = %d", pgwin32_is_service());

status = ServerLoop();
--------------------------------------------------

To reproduce the OP's problem, I modified pg_ctl.c to disable
SECURITY_SERVICE_RID when spawning postgres.exe. Without the patch,
starting the Windows service emits the following log, showing that
pg_is_service() misjudged that postgres is running as a Windows
service:

LOG: pgwin32_is_admin = 0
LOG: pgwin32_is_service = 1

With the patch, the log became correct:

LOG: pgwin32_is_admin = 0
LOG: pgwin32_is_service = 0

Regards
Takayuki Tsunakawa

Attachment Content-Type Size
win32-security_service-v3.patch application/octet-stream 12.7 KB
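
Added illustration, not code from the attached patch or from PostgreSQL: a portable C model of the distinction the test above exercises, where a token still lists SECURITY_SERVICE_RID but the entry has been disabled. The `group_entry` struct, the two function names and the sample tokens are hypothetical and constructed; the constant values are those defined in winnt.h.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Values as defined in winnt.h. */
#define SE_GROUP_ENABLED                0x00000004u
#define SE_GROUP_USE_FOR_DENY_ONLY      0x00000010u
#define SECURITY_SERVICE_RID            0x00000006u  /* S-1-5-6  */
#define SECURITY_AUTHENTICATED_USER_RID 0x0000000Bu  /* S-1-5-11 */

/* Hypothetical stand-in for one SID_AND_ATTRIBUTES entry of a token's
 * group list; only SIDs of the form S-1-5-<rid> are modelled. */
typedef struct { uint32_t rid; uint32_t attributes; } group_entry;

/* Presence-only test: any entry with the RID counts, whatever its state. */
static int is_service_presence_only(const group_entry *g, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (g[i].rid == SECURITY_SERVICE_RID)
            return 1;
    return 0;
}

/* Attribute-aware test: the entry must be enabled and not deny-only. */
static int is_service_enabled_only(const group_entry *g, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (g[i].rid == SECURITY_SERVICE_RID &&
            (g[i].attributes & SE_GROUP_ENABLED) &&
            !(g[i].attributes & SE_GROUP_USE_FOR_DENY_ONLY))
            return 1;
    return 0;
}

/* Constructed sample tokens: a real service, and a child whose service
 * SID was disabled (left in the token as deny-only) when it was spawned. */
static const group_entry real_service[] = {
    { SECURITY_AUTHENTICATED_USER_RID, SE_GROUP_ENABLED },
    { SECURITY_SERVICE_RID,            SE_GROUP_ENABLED },
};
static const group_entry restricted_child[] = {
    { SECURITY_AUTHENTICATED_USER_RID, SE_GROUP_ENABLED },
    { SECURITY_SERVICE_RID,            SE_GROUP_USE_FOR_DENY_ONLY },
};

int main(void)
{
    printf("service: presence=%d enabled=%d\n", is_service_presence_only(real_service, 2), is_service_enabled_only(real_service, 2));
    printf("child:   presence=%d enabled=%d\n", is_service_presence_only(restricted_child, 2), is_service_enabled_only(restricted_child, 2));
    return 0;
}
```

On Windows itself, CheckTokenMembership() reports whether a SID is enabled in a token, which is the question the attribute-aware function models here.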
