BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled

From: breen(at)rtda(dot)com
To: pgsql-bugs(at)postgresql(dot)org
Subject: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled
Date: 2015-11-04 06:23:15
Message-ID: 20151104062315.2745.67143@wrigleys.postgresql.org
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-bugs pgsql-hackers

The following bug has been logged on the website:

Bug reference: 13755
Logged by: Breen Hagan
Email address: breen(at)rtda(dot)com
PostgreSQL version: 9.4.4
Operating system: Windows 8.1

Short version: pgwin32_is_service checks the process token for
SECURITY_SERVICE_RID by doing an EqualSid check. This will match against a
SECURITY_SERVICE_RID that has been disabled ("use_for_deny_only"), causing
PG to think it's a service when it is not. This causes it to attempt to log
to the event log, but this doesn't work, and so there is no logging at all.

Long version: We ship PG with our own product, which may or may not be
installed as a service. When running PG, we run postgres.exe directly via a
Tcl-based wrapper script so that we can monitor the output in real time.
This works as expected when our product is not being run as a service.

When our product is installed as a service, we use CreateRestrictedToken to
disable all admin rights as well as the SECURITY_SERVICE_RID, and use the
returned token with CreateProcessAsUser, for which we also specify
CREATE_NEW_CONSOLE. This process then calls our wrapper script. Inside
this wrapper, I can call GetStdHandle (via Twapi) and get valid handles for
all 3: in, out, and err. Yet when the script calls postgres.exe, nothing is
received on the output. As mentioned above, nothing is logged in the event
log, either.

If you look at
this code is very similar to pgwin32_is_service (except that it looks for
Admins), but also checks the attributes on the SID to see if it is enabled,
or used for deny only. I believe this check needs to be added to



Browse pgsql-bugs by date

  From Date Subject
Next Message Michael Paquier 2015-11-04 07:01:28 Re: Re: BUG #13685: Archiving while idle every archive_timeout with wal_level hot_standby
Previous Message Tom Lane 2015-11-04 02:57:44 Re: BUG #13754: Postgres possibly accepts a typo as valid input

Browse pgsql-hackers by date

  From Date Subject
Next Message Kyotaro HORIGUCHI 2015-11-04 06:33:46 Re: extend pgbench expressions with functions
Previous Message Michael Paquier 2015-11-04 06:09:31 Re: [PATCH] postgres_fdw extension support