| From: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com> |
|---|---|
| To: | Breen Hagan <breen(at)rtda(dot)com> |
| Cc: | PostgreSQL mailing lists <pgsql-bugs(at)postgresql(dot)org> |
| Subject: | Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled |
| Date: | 2015-11-07 07:36:26 |
| Message-ID: | CAB7nPqQhwM4WgMnm8cSxmGuxEYGt19-xQRtmhuezFs8Hrav8fQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs pgsql-hackers |
On Sat, Nov 7, 2015 at 4:09 PM, Michael Paquier
<michael(dot)paquier(at)gmail(dot)com> wrote:
> On Fri, Nov 6, 2015 at 1:00 AM, Breen Hagan <breen(at)rtda(dot)com> wrote:
>> Michael,
>
> (You should avoid top-posting, this breaks the logic of a thread).
>
>> I'm pretty sure your patch will fix my issue, but perhaps it should be a
>> positive check for SE_GROUP_ENABLED?
>
> If we want to be completely consistent with pgwin32_is_admin, that
> would be actually the opposite: Postgres should not start with an SID
> that has administrator's rights for security reasons.
SECURITY_SERVICE_RID and SECURITY_BUILTIN_DOMAIN_RID are completely
separated concepts... Please ignore that. Still, yeah, it seems that
you are right, we would want SE_GROUP_ENABLED to be enabled to check
if process can access the event logs. Thoughts from any Windows ninja
in the surroundings?
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Paquier | 2015-11-08 12:50:35 | Re: Re: BUG #13685: Archiving while idle every archive_timeout with wal_level hot_standby |
| Previous Message | Michael Paquier | 2015-11-07 07:09:57 | Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Fabien COELHO | 2015-11-07 07:45:59 | Re: extend pgbench expressions with functions |
| Previous Message | Amit Kapila | 2015-11-07 07:22:39 | Re: Transactions involving multiple postgres foreign servers |