|From:||"Tsunakawa, Takayuki" <tsunakawa(dot)takay(at)jp(dot)fujitsu(dot)com>|
|To:||'Michael Paquier' <michael(dot)paquier(at)gmail(dot)com>, MauMau <maumau307(at)gmail(dot)com>|
|Cc:||Breen Hagan <breen(at)rtda(dot)com>, Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, "Alvaro Herrera" <alvherre(at)2ndquadrant(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>|
|Subject:||Re: Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled|
|Views:||Raw Message | Whole Thread | Download mbox | Resend email|
> [mailto:pgsql-hackers-owner(at)postgresql(dot)org] On Behalf Of Michael Paquier
> On Sun, Nov 6, 2016 at 6:30 PM, MauMau <maumau307(at)gmail(dot)com> wrote:
> > Sorry, I may have had to send this to pgsql-hackers. I just replied
> > to all, which did not include pgsql-hackers but pgsql-bugs because
> > this discussion was on pgsql-bugs. CommitFest app doesn't seem to
> > reflect the mails on pgsql-bugs, so I'm re-submitting this here on
> > pgsql-hackers.
> No problem, I still see a unique thread so that's not an issue seen from
You are right. A while after I sent the second mail, I noticed the CommitFest app collected both of my mails. I was just impatient.
> So you see the same behavior with the patch I sent and your refactoring,
> right? If yes, backpatching the one-liner is the safest bet to me. We could
> keep the refactoring for HEAD if it makes sense.
Yes. And It's fine to me that your patch will be applied to previous releases and my patch to HEAD only. This is a good (rare?) chance to reduce the Windows-specific code, so I want to take advantage of it.
> Something is wrong with the format of your patch by the way. My Windows
> and even OSX environments recognize it as a binary file, though I can read
> it in any editor and I cannot apply it cleanly with a simple patch command.
> Could you send it again and double-check?
Ouch, the Git shell included in GitHub Desktop for Windows produced the diff in UTF-16 and CR/LF line terminators. I haven't found how to fix it, so I generated the attached patch on Linux. Please check it.
> > To reproduce the OP's problem, I modified pg_ctl.c to disable
> > SECURITY_SERVICE_RID when spawning postgres.exe.
> So basically you allocated a SID to drop via AllocateAndInitializeSid,
> called _CreateRestrictedToken and let the process being spawned? I think
> that this is the patch attached (win32-disable-service-rid.patch). Could
> you confirm? I want to be sure that we are testing the same things.
Yes, I did the same.
|Next Message||Tom Lane||2016-11-07 01:16:43||Let's get rid of SPI_push/SPI_pop|
|Previous Message||Peter Geoghegan||2016-11-07 00:02:42||Re: [WIP] Effective storage of duplicates in B-tree index.|
|Next Message||Michael Paquier||2016-11-07 08:05:03||Re: Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled|
|Previous Message||Tom Lane||2016-11-06 17:12:40||Re: BUG #14414: SPI_ERROR_CONNECT on stable plpgsql function used for domain check|