Home > mailing lists

Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled - Mailing list pgsql-bugs

From	Michael Paquier
Subject	Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled
Date	November 7, 2015 10:36:31
Msg-id	CAB7nPqQhwM4WgMnm8cSxmGuxEYGt19-xQRtmhuezFs8Hrav8fQ@mail.gmail.com Whole thread Raw
In response to	Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled (Michael Paquier <michael.paquier@gmail.com>)
Responses	Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled (Breen Hagan <breen@rtda.com>)
List	pgsql-bugs

Tree view

On Sat, Nov 7, 2015 at 4:09 PM, Michael Paquier
<michael.paquier@gmail.com> wrote:
> On Fri, Nov 6, 2015 at 1:00 AM, Breen Hagan <breen@rtda.com> wrote:
>> Michael,
>
> (You should avoid top-posting, this breaks the logic of a thread).
>
>> I'm pretty sure your patch will fix my issue, but perhaps it should be a
>> positive check for SE_GROUP_ENABLED?
>
> If we want to be completely consistent with pgwin32_is_admin, that
> would be actually the opposite: Postgres should not start with an SID
> that has administrator's rights for security reasons.

SECURITY_SERVICE_RID and SECURITY_BUILTIN_DOMAIN_RID are completely
separated concepts... Please ignore that. Still, yeah, it seems that
you are right, we would want SE_GROUP_ENABLED to be enabled to check
if process can access the event logs. Thoughts from any Windows ninja
in the surroundings?
--
Michael

pgsql-bugs by date:

From: Michael Paquier
Date: 07 November 2015, 10:10:07
Subject: Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled

From: sumit_ghosh@persistent.co.in
Date: 09 November 2015, 08:30:48
Subject: BUG #13759: Getting error while installing through Stackbuilder 3.1.1

Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled - Mailing list pgsql-bugs

Previous

Next