Re: 9.2RC1 wraps this Thursday ...

Amit kapila <amit(dot)kapila(at)huawei(dot)com> writes:
>> Can't we test the same condition that postgres.exe itself would test?

> To implement the postgre.exe way we have following options:

> 1. Duplicate the function pgwin32_is_admin and related function to pg_ctl, as currently it is not exposed.
> 2. Make that visible to pg_ctl, but for that it need to link with postgre lib.
> 3. Move the functions to some common place may be src/port.
> 4. any other better way?

> Curretly I have implemented the patch with Approach-1, but I believe Approach-3 would have been better.

After poking around a bit I realized that you'd copied the
environment-variable hack from initdb.c, which has got basically the
same problem of needing to drop admin privileges. I think it is just
as ugly and dangerous there as here. So I would be in favor of approach
#3 and merging initdb's copy of the code too. In fact, given that
GetCommandLine() appears to be OS-provided, it seems to me that *all*
of the functionality needed could be wrapped up in a utility subroutine
with the semantics of "re-exec myself in a restricted process if
needed".

On the other hand, that's kind of a big chunk of work to take on at the
last minute for what is admittedly a rather hypothetical risk. Maybe
it'd be best to just duplicate initdb's code into pg_ctl for the moment
and plan on cleaning it up later when there's more time.

However, I really can't take responsibility for any of this since
I don't have a Windows development environment. One of the Windows-
hacking committers needs to pick this issue up. Anyone?

regards, tom lane