Re: Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled
Tsunakawa, Takayuki <tsunakawa.takay@jp.fujitsu.com>
From: "Tsunakawa, Takayuki" <tsunakawa.takay@jp.fujitsu.com>
To: 'Craig Ringer' <craig@2ndquadrant.com>
Cc: Michael Paquier <michael.paquier@gmail.com>, MauMau <maumau307@gmail.com>, Breen Hagan <breen@rtda.com>, Heikki Linnakangas <hlinnaka@iki.fi>, "Alvaro
Herrera" <alvherre@2ndquadrant.com>, PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2016-11-22T04:58:34Z
Lists: pgsql-bugs, pgsql-hackers
From: Craig Ringer [mailto:craig@2ndquadrant.com]
> You meant CheckTokenMembership().
Yes, my typo in the mail.
> The proposed patch does need to be checked with:
I understood you meant by "refuse to run" that postgres.exe fails to start below. Yes, I checked it on Win10. I don't have access to WinXP/2003 - Microsoft ended their support.
if (pgwin32_is_admin())
{
write_stderr("Execution of PostgreSQL by a user with administrative permissions is not\n"
"permitted.\n"
"The server must be started under an unprivileged user ID to prevent\n"
"possible system security compromises. See the documentation for\n"
"more information on how to properly start the server.\n");
exit(1);
}
Regards
Takayuki Tsunakawa
Commits
-
Fix and simplify check for whether we're running as Windows service.
- 9c52ddfcee06 9.2.21 landed
- 3ebcc2498d2b 9.3.17 landed
- 6b584c36a40c 9.4.12 landed
- 96fd76dd2875 9.5.7 landed
- 38bdba54a64b 9.6.3 landed
- ff30aec759bd 10.0 landed