Home > mailing lists

Re: PostgreSQL Service on Windows does not start. ~ "is not a valid Win32 application" - Mailing list pgsql-hackers

From	Dave Page
Subject	Re: PostgreSQL Service on Windows does not start. ~ "is not a valid Win32 application"
Date	October 28, 2013 12:24:04
Msg-id	CA+OCxoy0RL1JrPnHQUw7YnC6UmsnhdNA+xMaCLjsHY4uc0HRRw@mail.gmail.com Whole thread Raw
In response to	Re: PostgreSQL Service on Windows does not start. ~ "is not a valid Win32 application" (Asif Naeem <anaeem.it@gmail.com>)
Responses	Re: PostgreSQL Service on Windows does not start. ~ "is not a valid Win32 application"
List	pgsql-hackers

Tree view

Sandeep, can you look at this please? Thanks.

On Mon, Oct 28, 2013 at 8:18 AM, Asif Naeem <anaeem.it@gmail.com> wrote:
> It is related to windows unquoted service path vulnerability in the the
> installer that creates service path without quotes that make service.exe to
> look for undesirable path for executable.
>
> postgresql-9.3 service path : C:/Users/asif/Desktop/Program
> files/9.3/bin/pg_ctl.exe runservice -N "postgresql-9.3" -D
> "C:/Users/asif/Desktop/Program files/9.3/data" -w
>
> service.exe
>>
>> C:\Users\asif\Desktop\Program     NAME NOT FOUND
>> C:\Users\asif\Desktop\Program.exe     NAME NOT FOUND
>> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe     ACCESS DENIED
>> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe     ACCESS DENIED
>> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice     NAME
>> NOT FOUND
>> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice.exe
>> NAME NOT FOUND
>> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
>> NAME NOT FOUND
>> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N.exe
>> NAME NOT FOUND
>> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
>> "postgresql-9.3"     NAME INVALID
>> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
>> "postgresql-9.3".exe     NAME INVALID
>> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
>> "postgresql-9.3" -D     NAME INVALID
>> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
>> "postgresql-9.3" -D.exe     NAME INVALID
>> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
>> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program NAME INVALID
>> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
>> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program.exe NAME INVALID
>> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
>> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program files\9.3\data"     NAME
>> INVALID
>> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
>> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program files\9.3\data".exe
>> NAME INVALID
>> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
>> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program files\9.3\data" -w
>> NAME INVALID
>> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
>> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program files\9.3\data" -w.exe
>> NAME INVALID
>
>
> Fix :
>
> postgresql-9.3 service path : "C:/Users/asif/Desktop/Program
> files/9.3/bin/pg_ctl.exe" runservice -N "postgresql-9.3" -D
> "C:/Users/asif/Desktop/Program files/9.3/data" -w
>
> It would be good if this is reported on pg installer forum or security
> forum. Thanks.
>
> Regards,
> Asif Naeem
>
> On Mon, Oct 28, 2013 at 12:06 PM, Naoya Anzai
> <anzai-naoya@mxu.nes.nec.co.jp> wrote:
>>
>> Hi, Asif.
>>
>> Thank you for response.
>>
>>
>> >       C:\Users\asif\Desktop\Program files\9.3>"bin\pg_ctl" -D
>> > "C:\Users\asif\Desktop\Program files\9.3\data1" -l logfile start
>> >       server starting
>>
>> This failure does not occur by the command line.
>> PostgreSQL needs to start by Windows Service.
>>
>> Additionally,In this case,
>> A file "Program" needs to be exist at "C:\Users\asif\Desktop\", and
>> "postgres.exe" needs to be exist at "C:\Users\asif\Desktop\Program
>> files\9.3\bin".
>> ------------
>> C:\Users\asif\Desktop\Program files\9.3\bin>dir
>> ...
>>     4,435,456   postgres.exe
>>        80,896   pg_ctl.exe
>> ...
>>
>> C:\Users\asif\Desktopp>dir
>> ...
>>             0  Program
>> <DIR>          Program files
>> ...
>> ------------
>>
>> Regards,
>> Naoya
>>
>> > Hi Naoya,
>> >
>> > I am not able to reproduce the problem. Do you mean pg windows service
>> > installed by installer is not working or bin\pg_ctl binary is not accepting
>> > spaces in the patch ?. Following worked for me i.e.
>> >
>> >
>> >       C:\Users\asif\Desktop\Program files\9.3>"bin\pg_ctl" -D
>> > "C:\Users\asif\Desktop\Program files\9.3\data1" -l logfile start
>> >       server starting
>> >
>> >
>> > Can you please share the exact steps ?. Thanks.
>> >
>> >
>> > Regards,
>> > Muhammad Asif Naeem
>> >
>> >
>> >
>> > On Mon, Oct 28, 2013 at 10:26 AM, Naoya Anzai
>> > <anzai-naoya@mxu.nes.nec.co.jp> wrote:
>> >
>> >
>> >       Hi All,
>> >
>> >       I have found a case that PostgreSQL Service does not start.
>> >       When it happens, the following error appears.
>> >
>> >        "is not a valid Win32 application"
>> >
>> >       This failure occurs when the following conditions are true.
>> >
>> >       1. There is "postgres.exe" in any directory that contains a space,
>> >          such as "Program Files".
>> >
>> >          e.g.)
>> >          C:\Program Files\PostgreSQL\bin\postgres.exe
>> >
>> >       2. A file using the first white space-delimited
>> >          tokens of that directory as the file name exists,
>> >          and there is it in the same hierarchy.
>> >
>> >          e.g.)
>> >          C:\Program     //file
>> >
>> >       "pg_ctl.exe" as PostgreSQL Service creates a postgres
>> >       process using an absolute path which indicates the
>> >       location of "postgres.exe",but the path is not enclosed
>> >       in quotation.
>> >
>> >       Therefore,if the above-mentioned conditions are true,
>> >       CreateProcessAsUser(a Windows Function called by pg_ctl.exe)
>> >       tries to create a process using the other file such
>> >       as "Program", so the service fails to start.
>> >
>> >       Accordingly, I think that the command path should be
>> >       enclosed in quotation.
>> >
>> >       I created a patch to fix this failure,
>> >       So could anyone confirm?
>> >
>> >       Regards,
>> >
>> >       Naoya
>> >
>> >       ---
>> >       Naoya Anzai
>> >       Engineering Department
>> >       NEC Soft, Ltd.
>> >       E-Mail: anzai-naoya@mxu.nes.nec.co.jp
>> >       ---
>> >
>> >
>> >       --
>> >       Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
>> >       To make changes to your subscription:
>> >       http://www.postgresql.org/mailpref/pgsql-hackers
>> >
>> >
>> >
>> >
>> >
>>
>> 以上、よろしくお願い致します。
>>
>> --------------------------------------------------------
>> NECソフト株式会社
>> PFシステム事業部 テーマソフト開発G
>> 安西 直也
>>
>> 外線(03)5534-2353
>> 内線(8)57-40364
>> Mail:NES-N2363
>> E-mail:anzai-naoya@mxu.nes.nec.co.jp
>> --------------------------------------------------------
>> ≪本メールの取り扱い≫
>> ・区分：秘密
>> ・開示：必要最小限で可
>> ・持出：禁止
>> ・期限：無期限
>> ・用済後：廃棄
>>
>>
>>



--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

pgsql-hackers by date:

From: Pavel Stehule
Date: 28 October 2013, 12:13:27
Subject: Re: Detection of nested function calls

From: Andres Freund
Date: 28 October 2013, 12:24:10
Subject: Re: Detection of nested function calls

Re: PostgreSQL Service on Windows does not start. ~ "is not a valid Win32 application" - Mailing list pgsql-hackers

Previous

Next