Skip site navigation (1) Skip section navigation (2)

BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled

From: breen(at)rtda(dot)com
To: pgsql-bugs(at)postgresql(dot)org
Subject: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled
Date: 2015-11-04 06:23:15
Message-ID: 20151104062315.2745.67143@wrigleys.postgresql.org (view raw, whole thread or download thread mbox)
Thread:
Lists: pgsql-bugspgsql-hackers
The following bug has been logged on the website:

Bug reference:      13755
Logged by:          Breen Hagan
Email address:      breen(at)rtda(dot)com
PostgreSQL version: 9.4.4
Operating system:   Windows 8.1
Description:        

Short version: pgwin32_is_service checks the process token for
SECURITY_SERVICE_RID by doing an EqualSid check.  This will match against a
SECURITY_SERVICE_RID that has been disabled ("use_for_deny_only"), causing
PG to think it's a service when it is not.  This causes it to attempt to log
to the event log, but this doesn't work, and so there is no logging at all.

Long version: We ship PG with our own product, which may or may not be
installed as a service.  When running PG, we run postgres.exe directly via a
Tcl-based wrapper script so that we can monitor the output in real time. 
This works as expected when our product is not being run as a service.

When our product is installed as a service, we use CreateRestrictedToken to
disable all admin rights as well as the SECURITY_SERVICE_RID, and use the
returned token with CreateProcessAsUser, for which we also specify
CREATE_NEW_CONSOLE.  This process then calls our wrapper script.  Inside
this wrapper, I can call GetStdHandle (via Twapi) and get valid handles for
all 3: in, out, and err.  Yet when the script calls postgres.exe, nothing is
received on the output.  As mentioned above, nothing is logged in the event
log, either.

If you look at
https://msdn.microsoft.com/en-us/library/windows/desktop/aa379554(v=vs.85).aspx,
this code is very similar to pgwin32_is_service (except that it looks for
Admins), but also checks the attributes on the SID to see if it is enabled,
or used for deny only.  I believe this check needs to be added to
pgwin32_is_service.

Thanks!


Responses

pgsql-hackers by date

Next:From: Kyotaro HORIGUCHIDate: 2015-11-04 06:33:46
Subject: Re: extend pgbench expressions with functions
Previous:From: Michael PaquierDate: 2015-11-04 06:09:31
Subject: Re: [PATCH] postgres_fdw extension support

pgsql-bugs by date

Next:From: Michael PaquierDate: 2015-11-04 07:01:28
Subject: Re: Re: BUG #13685: Archiving while idle every archive_timeout with wal_level hot_standby
Previous:From: Tom LaneDate: 2015-11-04 02:57:44
Subject: Re: BUG #13754: Postgres possibly accepts a typo as valid input

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group