Re: lowering pg_regress privileges on Windows
Michael Paquier <michael@paquier.xyz>
From: Michael Paquier <michael@paquier.xyz>
To: Andrew Dunstan <andrew.dunstan@2ndquadrant.com>
Cc: PostgreSQL-development <pgsql-hackers@postgresql.org>, Thomas Munro <thomas.munro@enterprisedb.com>
Date: 2018-10-19T00:13:41Z
Lists: pgsql-hackers
On Thu, Oct 18, 2018 at 08:31:11AM -0400, Andrew Dunstan wrote: > The attached ridiculously tiny patch solves the problem whereby while we can > run Postgres on Windows safely from an Administrator account, we can't run > run the regression tests from the same account, since it fails on the > tablespace test, the tablespace directory having been set up without first > having lowered privileges. The solution is to lower pg_regress' privileges > in the same way that we do with other binaries. This is useful in setups > like Appveyor where running under any other account is ... difficult. For > the cfbot Thomas has had to make the script hack the schedule file to omit > the tablespace test. This would make that redundant. > > I propose to backpatch this. It's close enough to a bug and the risk is > almost infinitely small. +1. get_restricted_token() refactoring has been done down to REL9_5_STABLE. With 9.4 and older you would need to copy again this full routine into pg_regress.c, which is in my opinion not worth worrying about. -- Michael
Commits
-
Lower privilege level of programs calling regression_main
- cc02db82c0f3 9.5.15 landed
- 42a93da25a5c 9.6.11 landed
- f4b67efdcbc7 10.6 landed
- a0a8671a61ae 11.1 landed
- ce5d3424d641 12.0 landed