BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled

From: breen(at)rtda(dot)com
To: pgsql-bugs(at)postgresql(dot)org
Subject: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled
Date: 2015-11-04 06:23:15
Message-ID: 20151104062315.2745.67143@wrigleys.postgresql.org
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs pgsql-hackers

The following bug has been logged on the website:

Bug reference: 13755
Logged by: Breen Hagan
Email address: breen(at)rtda(dot)com
PostgreSQL version: 9.4.4
Operating system: Windows 8.1
Description:

Short version: pgwin32_is_service checks the process token for
SECURITY_SERVICE_RID by doing an EqualSid check. This will match against a
SECURITY_SERVICE_RID that has been disabled ("use_for_deny_only"), causing
PG to think it's a service when it is not. This causes it to attempt to log
to the event log, but this doesn't work, and so there is no logging at all.

Long version: We ship PG with our own product, which may or may not be
installed as a service. When running PG, we run postgres.exe directly via a
Tcl-based wrapper script so that we can monitor the output in real time.
This works as expected when our product is not being run as a service.

When our product is installed as a service, we use CreateRestrictedToken to
disable all admin rights as well as the SECURITY_SERVICE_RID, and use the
returned token with CreateProcessAsUser, for which we also specify
CREATE_NEW_CONSOLE. This process then calls our wrapper script. Inside
this wrapper, I can call GetStdHandle (via Twapi) and get valid handles for
all 3: in, out, and err. Yet when the script calls postgres.exe, nothing is
received on the output. As mentioned above, nothing is logged in the event
log, either.

If you look at
https://msdn.microsoft.com/en-us/library/windows/desktop/aa379554(v=vs.85).aspx,
this code is very similar to pgwin32_is_service (except that it looks for
Admins), but also checks the attributes on the SID to see if it is enabled,
or used for deny only. I believe this check needs to be added to
pgwin32_is_service.

Thanks!

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Kyotaro HORIGUCHI 2015-11-04 06:33:46 Re: extend pgbench expressions with functions
Previous Message Michael Paquier 2015-11-04 06:09:31 Re: [PATCH] postgres_fdw extension support

Browse pgsql-bugs by date

  From Date Subject
Next Message Michael Paquier 2015-11-04 07:01:28 Re: Re: BUG #13685: Archiving while idle every archive_timeout with wal_level hot_standby
Previous Message Tom Lane 2015-11-04 02:57:44 Re: BUG #13754: Postgres possibly accepts a typo as valid input