Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled

On Sun, Nov 6, 2016 at 6:30 PM, MauMau <maumau307(at)gmail(dot)com> wrote:
> Sorry, I may have had to send this to pgsql-hackers. I just replied
> to all, which did not include pgsql-hackers but pgsql-bugs because
> this discussion was on pgsql-bugs. CommitFest app doesn't seem to
> reflect the mails on pgsql-bugs, so I'm re-submitting this here on
> pgsql-hackers.

No problem, I still see a unique thread so that's not an issue seen from here.

> I reviewed and tested this patch after simplifying it like the
> attached one. The file could be reduced by about 110 lines. Please
> review and/or test it. Though I kept the status "ready for
> committer", feel free to change it back based on the result.

So you see the same behavior with the patch I sent and your
refactoring, right? If yes, backpatching the one-liner is the safest
bet to me. We could keep the refactoring for HEAD if it makes sense.

Something is wrong with the format of your patch by the way. My
Windows and even OSX environments recognize it as a binary file,
though I can read it in any editor and I cannot apply it cleanly with
a simple patch command. Could you send it again and double-check?

> To reproduce the OP's problem, I modified pg_ctl.c to disable
> SECURITY_SERVICE_RID when spawning postgres.exe.

So basically you allocated a SID to drop via AllocateAndInitializeSid,
called _CreateRestrictedToken and let the process being spawned? I
think that this is the patch attached
(win32-disable-service-rid.patch). Could you confirm? I want to be
sure that we are testing the same things.
--
Michael