Hello, Magnus
cc: Andres
From: pgsql-hackers-owner@postgresql.org
> [mailto:pgsql-hackers-owner@postgresql.org] On Behalf Of Magnus Hagander
> I think what you'd need to do is enumerate what privileges the user has
> *before* calling CreateRestrictedToken(), using GetTokenInformation().
> And then pass those into PrivilegesToDelete (except for
> SeChangeNotifyPrivilege) in the call to CreateRestrictedToken(), instead
> of using DISABLE_MAX_PRIVILEGE. (and add the privilege needed for huge pages
> before you start that whole process -- that needs to be added in the token
> used *before* we create the restricted one).
>
> At least that's my guess from reading the docs and trying to remember :)
Oh, I got it now. Thanks. The revised patch is attached. The only modified file is pg_ctl.c. The patch worked as
expected.
It is regrettable that I could not make it in time for PG 10, but I'd appreciate it if you could review and commit this
patchearly in PG 11 while our memory is fresh. Thank you for your patience. I'll create an entry in the next CF
soon.
Regards
Takayuki Tsunakawa
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
