Re: Re: BUG #5065: pg_ctl start fails as administrator, with "could not locate matching postgres executable"

From: Dave Page <dpage(at)pgadmin(dot)org>
To: Andrew Dunstan <andrew(at)dunslane(dot)net>
Cc: Jesse Morris <jmorris(at)coverity(dot)com>, pgsql-bugs(at)postgresql(dot)org, Magnus Hagander <magnus(at)hagander(dot)net>
Subject: Re: Re: BUG #5065: pg_ctl start fails as administrator, with "could not locate matching postgres executable"
Date: 2009-10-20 08:54:18
Message-ID: 937d27e10910200154q719e16b1l25b9b2da651df030@mail.gmail.com
Lists: pgsql-bugs, pgsql-hackers

On Mon, Oct 19, 2009 at 7:03 PM, Andrew Dunstan <andrew(at)dunslane(dot)net> wrote:
>
> However, I'd like a bit more comment added on just why doing this is safe.

The patch doesn't change what the code aims to do, only the way it
does it. The existing code does this:

- Creates a restricted security token
- Creates a new (suspended) process using that token
- Adds an ACE for the current user to the DACL for the new process
- Resumes (un-suspends) the process

The patch changes that to:

- Creates a restricted security token
- Adds an ACE for the current user to the DACL for the new token
- Creates a new (suspended) process using that token
- Resumes (un-suspends) the process

The net result /should/ be the same, but the second method is
apparently a little more robust.

> Would it still be safe if someone granted some dangerous privilege directly
> to the Administrator user, if that's possible?

The patch doesn't change that at all, but yes, I believe it is safe
because we drop all privileges when we create the restricted token,
and we then grant access (by adding an ACE) for the user using the
GENERIC_ALL flag, which (AIUI) just gives GENERIC_READ, GENERIC_WRITE
and GENERIC_EXECUTE privileges, and *not* any of the 'standard' or
'specific' rights (which include the more important/dangerous things
like DACL write access).

See:

http://msdn.microsoft.com/en-us/library/aa374892%28VS.85%29.aspx
http://msdn.microsoft.com/en-us/library/aa374951%28VS.85%29.aspx
http://msdn.microsoft.com/en-us/library/aa446583%28VS.85%29.aspx

-- 
Dave Page
EnterpriseDB UK: http://www.enterprisedb.com
PGDay.EU 2009 Conference: http://2009.pgday.eu/start
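
An added example, not part of the original message or of the PostgreSQL source: a small audit helper that expands the generic bits of an ACE's access mask through a caller-supplied mapping, the way the Win32 `MapGenericMask` function does, and reports whether the result includes `WRITE_DAC` or `WRITE_OWNER`. The `AM_*` constants are defined locally from the documented access mask layout, and the two `DEMO_*` mappings are constructed for illustration and do not describe any real object type.

```c
#include <stdint.h>
#include <stdio.h>

/* ACCESS_MASK bits as documented for Windows, defined locally so the
   example builds without <windows.h>. */
#define AM_WRITE_DAC       0x00040000u  /* standard right: modify the DACL */
#define AM_WRITE_OWNER     0x00080000u  /* standard right: change the owner */
#define AM_GENERIC_ALL     0x10000000u
#define AM_GENERIC_EXECUTE 0x20000000u
#define AM_GENERIC_WRITE   0x40000000u
#define AM_GENERIC_READ    0x80000000u
#define AM_GENERIC_MASK    0xF0000000u

/* Same four fields as the Win32 GENERIC_MAPPING structure. */
struct generic_mapping { uint32_t read, write, execute, all; };

/* Expand generic bits as MapGenericMask does: OR in the mapped rights
   for each generic bit that is set, then clear the generic bits. */
uint32_t map_generic(uint32_t mask, const struct generic_mapping *m)
{
    if (mask & AM_GENERIC_READ)    mask |= m->read;
    if (mask & AM_GENERIC_WRITE)   mask |= m->write;
    if (mask & AM_GENERIC_EXECUTE) mask |= m->execute;
    if (mask & AM_GENERIC_ALL)     mask |= m->all;
    return mask & ~AM_GENERIC_MASK;
}

/* Audit check: 1 if the mapped mask lets the trustee rewrite the DACL
   or take ownership of the object, 0 otherwise. */
int grants_dacl_control(uint32_t ace_mask, const struct generic_mapping *m)
{
    return (map_generic(ace_mask, m) & (AM_WRITE_DAC | AM_WRITE_OWNER)) != 0;
}

/* Constructed mappings (assumptions for the demo, not a real object type). */
const struct generic_mapping DEMO_NARROW = { 0x00020001u, 0x00020002u, 0x00020004u, 0x00020007u };
const struct generic_mapping DEMO_WIDE   = { 0x00020001u, 0x00020002u, 0x00020004u, 0x000F0007u };

int main(void)
{
    printf("narrow: %08x dacl_control=%d\n",
           (unsigned)map_generic(AM_GENERIC_ALL, &DEMO_NARROW),
           grants_dacl_control(AM_GENERIC_ALL, &DEMO_NARROW));
    printf("wide:   %08x dacl_control=%d\n",
           (unsigned)map_generic(AM_GENERIC_ALL, &DEMO_WIDE),
           grants_dacl_control(AM_GENERIC_ALL, &DEMO_WIDE));
    return 0;
}
```

What a generic bit expands to is defined per object type, so the same `GENERIC_ALL` ACE yields different answers under the two demo mappings; to audit a real ACE, pass the mapping of the object type it is attached to.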
