Re: PostgreSQL Service on Windows does not start. ~ "is not a valid Win32 application"

Hi Dave

We register the service using pg_ctl. When I manually executed the
following on the command prompt, I saw that the service path of the
registered service did not have the pg_ctl.exe path in quotes. May be it
should be handled in the pg_ctl code.

*c:\Users\Sandeep Thakkar\Documents>*"c:\Program
Files\PostgreSQL\9.3\bin\pg_ctl.e
xe" register -N "pg-9.3" -U "NT AUTHORITY\NetworkService" -D "c:\Program
Files\P
ostgreSQL\9.3\data" -w

Naoya, I could not find your patch here. Can you please share it again?

On Mon, Oct 28, 2013 at 2:53 PM, Dave Page <dpage(at)pgadmin(dot)org> wrote:

> Sandeep, can you look at this please? Thanks.
>
> On Mon, Oct 28, 2013 at 8:18 AM, Asif Naeem <anaeem(dot)it(at)gmail(dot)com> wrote:
> > It is related to windows unquoted service path vulnerability in the the
> > installer that creates service path without quotes that make service.exe
> to
> > look for undesirable path for executable.
> >
> > postgresql-9.3 service path : C:/Users/asif/Desktop/Program
> > files/9.3/bin/pg_ctl.exe runservice -N "postgresql-9.3" -D
> > "C:/Users/asif/Desktop/Program files/9.3/data" -w
> >
> > service.exe
> >>
> >> C:\Users\asif\Desktop\Program NAME NOT FOUND
> >> C:\Users\asif\Desktop\Program.exe NAME NOT FOUND
> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe ACCESS DENIED
> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe ACCESS DENIED
> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice
> NAME
> >> NOT FOUND
> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice.exe
> >> NAME NOT FOUND
> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> >> NAME NOT FOUND
> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N.exe
> >> NAME NOT FOUND
> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> >> "postgresql-9.3" NAME INVALID
> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> >> "postgresql-9.3".exe NAME INVALID
> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> >> "postgresql-9.3" -D NAME INVALID
> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> >> "postgresql-9.3" -D.exe NAME INVALID
> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> >> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program NAME INVALID
> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> >> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program.exe NAME INVALID
> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> >> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program files\9.3\data"
> NAME
> >> INVALID
> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> >> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program files\9.3\data".exe
> >> NAME INVALID
> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> >> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program files\9.3\data" -w
> >> NAME INVALID
> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> >> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program files\9.3\data"
> -w.exe
> >> NAME INVALID
> >
> >
> > Fix :
> >
> > postgresql-9.3 service path : "C:/Users/asif/Desktop/Program
> > files/9.3/bin/pg_ctl.exe" runservice -N "postgresql-9.3" -D
> > "C:/Users/asif/Desktop/Program files/9.3/data" -w
> >
> > It would be good if this is reported on pg installer forum or security
> > forum. Thanks.
> >
> > Regards,
> > Asif Naeem
> >
> > On Mon, Oct 28, 2013 at 12:06 PM, Naoya Anzai
> > <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp> wrote:
> >>
> >> Hi, Asif.
> >>
> >> Thank you for response.
> >>
> >>
> >> > C:\Users\asif\Desktop\Program files\9.3>"bin\pg_ctl" -D
> >> > "C:\Users\asif\Desktop\Program files\9.3\data1" -l logfile start
> >> > server starting
> >>
> >> This failure does not occur by the command line.
> >> PostgreSQL needs to start by Windows Service.
> >>
> >> Additionally,In this case,
> >> A file "Program" needs to be exist at "C:\Users\asif\Desktop\", and
> >> "postgres.exe" needs to be exist at "C:\Users\asif\Desktop\Program
> >> files\9.3\bin".
> >> ------------
> >> C:\Users\asif\Desktop\Program files\9.3\bin>dir
> >> ...
> >> 4,435,456 postgres.exe
> >> 80,896 pg_ctl.exe
> >> ...
> >>
> >> C:\Users\asif\Desktopp>dir
> >> ...
> >> 0 Program
> >> <DIR> Program files
> >> ...
> >> ------------
> >>
> >> Regards,
> >> Naoya
> >>
> >> > Hi Naoya,
> >> >
> >> > I am not able to reproduce the problem. Do you mean pg windows service
> >> > installed by installer is not working or bin\pg_ctl binary is not
> accepting
> >> > spaces in the patch ?. Following worked for me i.e.
> >> >
> >> >
> >> > C:\Users\asif\Desktop\Program files\9.3>"bin\pg_ctl" -D
> >> > "C:\Users\asif\Desktop\Program files\9.3\data1" -l logfile start
> >> > server starting
> >> >
> >> >
> >> > Can you please share the exact steps ?. Thanks.
> >> >
> >> >
> >> > Regards,
> >> > Muhammad Asif Naeem
> >> >
> >> >
> >> >
> >> > On Mon, Oct 28, 2013 at 10:26 AM, Naoya Anzai
> >> > <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp> wrote:
> >> >
> >> >
> >> > Hi All,
> >> >
> >> > I have found a case that PostgreSQL Service does not start.
> >> > When it happens, the following error appears.
> >> >
> >> > "is not a valid Win32 application"
> >> >
> >> > This failure occurs when the following conditions are true.
> >> >
> >> > 1. There is "postgres.exe" in any directory that contains a
> space,
> >> > such as "Program Files".
> >> >
> >> > e.g.)
> >> > C:\Program Files\PostgreSQL\bin\postgres.exe
> >> >
> >> > 2. A file using the first white space-delimited
> >> > tokens of that directory as the file name exists,
> >> > and there is it in the same hierarchy.
> >> >
> >> > e.g.)
> >> > C:\Program //file
> >> >
> >> > "pg_ctl.exe" as PostgreSQL Service creates a postgres
> >> > process using an absolute path which indicates the
> >> > location of "postgres.exe",but the path is not enclosed
> >> > in quotation.
> >> >
> >> > Therefore,if the above-mentioned conditions are true,
> >> > CreateProcessAsUser(a Windows Function called by pg_ctl.exe)
> >> > tries to create a process using the other file such
> >> > as "Program", so the service fails to start.
> >> >
> >> > Accordingly, I think that the command path should be
> >> > enclosed in quotation.
> >> >
> >> > I created a patch to fix this failure,
> >> > So could anyone confirm?
> >> >
> >> > Regards,
> >> >
> >> > Naoya
> >> >
> >> > ---
> >> > Naoya Anzai
> >> > Engineering Department
> >> > NEC Soft, Ltd.
> >> > E-Mail: anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp
> >> > ---
> >> >
> >> >
> >> > --
> >> > Sent via pgsql-hackers mailing list (
> pgsql-hackers(at)postgresql(dot)org)
> >> > To make changes to your subscription:
> >> > http://www.postgresql.org/mailpref/pgsql-hackers
> >> >
> >> >
> >> >
> >> >
> >> >
> >>
> >> 以上、よろしくお願い致します。
> >>
> >> --------------------------------------------------------
> >> NECソフト株式会社
> >> PFシステム事業部 テーマソフト開発G
> >> 安西 直也
> >>
> >> 外線(03)5534-2353
> >> 内線(8)57-40364
> >> Mail:NES-N2363
> >> E-mail:anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp
> >> --------------------------------------------------------
> >> ≪本メールの取り扱い≫
> >> ・区分：秘密
> >> ・開示：必要最小限で可
> >> ・持出：禁止
> >> ・期限：無期限
> >> ・用済後：廃棄
> >>
> >>
> >>
>
>
>
> --
> Dave Page
> Blog: http://pgsnake.blogspot.com
> Twitter: @pgsnake
>
> EnterpriseDB UK: http://www.enterprisedb.com
> The Enterprise PostgreSQL Company
>

--
Sandeep Thakkar
Senior Software Engineer

Phone: +91.20.30589505

Website: www.enterprisedb.com
EnterpriseDB Blog: http://blogs.enterprisedb.com/
Follow us on Twitter: http://www.twitter.com/enterprisedb