Postgres Pro
Downloads
Home   >   mailing lists

Re: Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled - Mailing list pgsql-hackers

From Tsunakawa, Takayuki
Subject Re: Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled
Date
Msg-id 0A3221C70F24FB45833433255569204D1F63C649@G01JPEXMBYT05
Whole thread Raw
In response to Re: Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled  (Michael Paquier <michael.paquier@gmail.com>)
Responses Re: Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled
List pgsql-hackers
Tree view 
From: pgsql-hackers-owner@postgresql.org
> [mailto:pgsql-hackers-owner@postgresql.org] On Behalf Of Michael Paquier
> Meh. Local System accounts are used only by services (see comments of
> pgwin32_is_service), so I'd expect pgwin32_is_service() to return true in
> this case, contrary to what your v5 is doing. v4 is doing it better I think
> at quick glance.
> Not relying on the fact that local system accounts are only used by services
> looks bad to me.

I believe v5 is correct for two reasons:


(1) 
SECURITY_SERVICE_RID is enough to check, because the process gets SECURITY_SERVICE_RID when it runs as a service.

https://msdn.microsoft.com/ja-jp/library/windows/desktop/aa379649(v=vs.85).aspx

SECURITY_SERVICE_RID
Accounts authorized to log on as a service. This is a group identifier added to the token of a process when it was
loggedas a service. The corresponding logon type is LOGON32_LOGON_SERVICE.
 


I saw descriptions that LocalSystem is used by the SCM, but didn't find a statement that LocalSystem is used only by
SCMand services.  In addition, if the check for LocalSystem is really necessary, LocalService and NetworkService also
needto be checked.
 

https://msdn.microsoft.com/ja-jp/library/windows/desktop/ms684190(v=vs.85).aspx

(Japanese article)http://www.atmarkit.co.jp/ait/articles/0905/08/news095.html


(2)
The OP wants to explicitly run postgres.exe outside the service even when his app runs as a service, so that the app
canread postgres's messages from its stdout/stderr.  So, he disabled SECURITY_SERVICE_RID when starting postgres.exe.
Hisusers may run his app as a service under LocalSystem.
 

[Excerpt]
--------------------------------------------------
We ship PG with our own product, which may or may not be
installed as a service.  When running PG, we run postgres.exe directly via a
Tcl-based wrapper script so that we can monitor the output in real time. 

When our product is installed as a service, we use CreateRestrictedToken to
disable all admin rights as well as the SECURITY_SERVICE_RID, and use the
returned token with CreateProcessAsUser, for which we also specify
CREATE_NEW_CONSOLE.  This process then calls our wrapper script.  Inside
this wrapper, I can call GetStdHandle (via Twapi) and get valid handles for
all 3: in, out, and err.  Yet when the script calls postgres.exe, nothing is
received on the output.  As mentioned above, nothing is logged in the event
log, either.
--------------------------------------------------


Regards
Takayuki Tsunakawa

pgsql-hackers by date:

Previous
From: Kyotaro HORIGUCHI
Date:
Subject: Re: Re: [sqlsmith] FailedAssertion("!(XLogCtl->Insert.exclusiveBackup)", File: "xlog.c", Line: 10200)
Next
From: Amit Kapila
Date:
Subject: Re: Hash Indexes