Skip site navigation (1) Skip section navigation (2)

Re: Fix for initdb failures on Vista

From: Andrew Dunstan <andrew(at)dunslane(dot)net>
To: Dave Page <dpage(at)pgadmin(dot)org>
Cc: pgsql-patches <pgsql-patches(at)postgresql(dot)org>
Subject: Re: Fix for initdb failures on Vista
Date: 2008-02-29 05:17:51
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-patches

Dave Page wrote:
> The attached patch fixes problems reported primarily on Vista, but
> also on some Windows 2003 and XP installations in which initdb reports
> that it cannot find postgres.exe.
> This occurs because of security-related changes implemented in Windows
> Vista and recent patches on older OS's. When running initdb or pg_ctl
> we currently create a restricted security token with the
> Administrators and Power Users groups (and thus their privileges)
> removed and re-execute the same program using the restricted token.
> This ensures that the process is run without potentially dangerous
> privileges no matter what user account it was started from. On Vista
> and friends however, the default DACL (list of Access Control Entries)
> used in the restricted token contains Administrators (the group) &
> System when we run as Administrator, vs. User + System when run as
> other users. Because we then drop Administrators, we are left with
> only the System ACE in the DACL, which does not allow us to use
> CreatePipe()/CreateProcess().
> To fix this, when we create the restricted process, we initially start
> it in suspended mode. We modify it's DACL to explicitly add an ACE for
> the current user, and then resume the child process. This remains
> secure because administrative privileges are granted to the groups
> that we've dropped, not the user itself.
> I've tested on Vista and XP, but additional testing would be useful
> (Andrew, Magnus?). Please apply to head, 8.3 and 8.2

This appears to work for initdb. But "make check" fails after the initdb 
stage, I think because pg_regress doesn't use pg_ctl to start the 
postmaster. The log just reads "Access is denied'"

I don't have too much difficulty with that as long as we stipulate that 
postgres has to be built, or at least checked, as a non-privileged user 
(c.f. recent discussion of building RPMs as root). Alternatively, we 
should also patch pg_regress.c



In response to


pgsql-patches by date

Next:From: Tom LaneDate: 2008-02-29 05:44:35
Subject: Re: DTrace probe patch for OS X Leopard
Previous:From: ITAGAKI TakahiroDate: 2008-02-29 03:12:58
Subject: Logging conflicted queries on deadlocks

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group