On Tue, Jan 27, 2009 at 11:26 AM, Peter Eisentraut <peter_e@gmx.net> wrote:
> On Tuesday 27 January 2009 12:34:56 Dave Page wrote:
>> I'm not entirely sure what has change in the SCM to cause this yet
>> (Windows 7 documentation is somewhat thin on the ground at the
>> moment), but the patch avoids theporblem by only setting
>> JOB_OBJECT_UILIMIT_HANDLES on earlier OSs.
>
> Doesn't this effectively mean, we relax the security settings because we don't
> understand why we are getting errors? Sounds fishy.
Yes, essentially. I have a suspicion that Microsoft have tightened the
security of that option, such that if we use it we can no longer see
the handle to the service control manager (which it owns of course),
but I have no way to prove that.
However;
- We only use job objects on >= XP. On Windows 2000/NT4, we don't use
them at all so we don't set any of the related security options on
those platforms.
- I don't believe this option gives us much additional security. It
doesn't secure PostgreSQL in any way, it prevents PostgreSQL from
seeing the user handles owned by other jobs in the same session. To
make any use of those, the PostgreSQL installation would have to be
severely compromised anyway, which would give other, easier paths into
the system, besides which, when running as a service we're in our own
session anyway.
--
Dave Page
EnterpriseDB UK: http://www.enterprisedb.com
