Re: Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled - Mailing list pgsql-hackers

From Tsunakawa, Takayuki
Subject Re: Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled
Date
Msg-id 0A3221C70F24FB45833433255569204D1F6566FA@G01JPEXMBYT05
Whole thread Raw
In response to Re: Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled  (Craig Ringer <craig@2ndquadrant.com>)
Responses Re: Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled
List pgsql-hackers
From: Craig Ringer [mailto:craig@2ndquadrant.com]
> You meant CheckTokenMembership().

Yes, my typo in the mail.

> The proposed patch does need to be checked with:

I understood you meant by "refuse to run" that postgres.exe fails to start below.  Yes, I checked it on Win10.  I don't
haveaccess to WinXP/2003 - Microsoft ended their support.
 
if (pgwin32_is_admin()){    write_stderr("Execution of PostgreSQL by a user with administrative permissions is not\n"
             "permitted.\n"                 "The server must be started under an unprivileged user ID to prevent\n"
"possiblesystem security compromises.  See the documentation for\n"              "more information on how to properly
startthe server.\n");    exit(1);}
 

Regards
Takayuki Tsunakawa






pgsql-hackers by date:

Previous
From: Pavel Stehule
Date:
Subject: Re: patch: function xmltable
Next
From: "Tsunakawa, Takayuki"
Date:
Subject: Re: [RFC] Should we fix postmaster to avoid slow shutdown?