On Tue, Jan 27, 2009 at 3:11 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> It would be good to understand what the problem actually is and what are
> the risks of running without this flag. I assume we put it in there
> for a reason.
The risks are pretty low imho. Not having the flag means that the
server has access to the handles of objects in other jobs in the same
session. When running as a service, that's basically nothing as the
service runs in it's own session and is isolated through other means.
When run from the command line, a hacked binary could send messages to
the users UI (buttons and other controls for example). It would be a
difficult attack to pull off, and very hard to gain from it. It's easy
enough to leave the flag in console mode however - that does work on
Windows 7.
As for what the problem actually is - without more info from
Microsoft, I suspect we won't find out (and even then, I wouldn't hold
my breath for something like this).
--
Dave Page
EnterpriseDB UK: http://www.enterprisedb.com
