Hi Sandeep, PFA Naoya's patch (pg_ctl.c.patch).
Hi Naoya,

Good finding. I have attached another version of the patch (pg_ctl.c_windows_vulnerability.patch) that has fewer lines of code changes, can you please take a look? Thanks.

Best Regards,
Asif Naeem

On Mon, Oct 28, 2013 at 4:46 PM, Sandeep Thakkar <sandeep.thak...@enterprisedb.com> wrote:

> Hi Dave
>
> We register the service using pg_ctl. When I manually executed the following on the command prompt, I saw that the service path of the registered service did not have the pg_ctl.exe path in quotes. Maybe it should be handled in the pg_ctl code.
>
> c:\Users\Sandeep Thakkar\Documents>"c:\Program Files\PostgreSQL\9.3\bin\pg_ctl.exe" register -N "pg-9.3" -U "NT AUTHORITY\NetworkService" -D "c:\Program Files\PostgreSQL\9.3\data" -w
>
> Naoya, I could not find your patch here. Can you please share it again?
>
> On Mon, Oct 28, 2013 at 2:53 PM, Dave Page <dp...@pgadmin.org> wrote:
>
>> Sandeep, can you look at this please? Thanks.
>>
>> On Mon, Oct 28, 2013 at 8:18 AM, Asif Naeem <anaeem...@gmail.com> wrote:
>> > It is related to the Windows unquoted service path vulnerability in the installer, which creates the service path without quotes, and that makes service.exe look for undesirable paths for the executable.
>> >
>> > postgresql-9.3 service path : C:/Users/asif/Desktop/Program files/9.3/bin/pg_ctl.exe runservice -N "postgresql-9.3" -D "C:/Users/asif/Desktop/Program files/9.3/data" -w
>> >
>> > service.exe
>> >>
>> >> C:\Users\asif\Desktop\Program    NAME NOT FOUND
>> >> C:\Users\asif\Desktop\Program.exe    NAME NOT FOUND
>> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe    ACCESS DENIED
>> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe    ACCESS DENIED
>> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice    NAME NOT FOUND
>> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice.exe    NAME NOT FOUND
>> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N    NAME NOT FOUND
>> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N.exe    NAME NOT FOUND
>> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N "postgresql-9.3"    NAME INVALID
>> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N "postgresql-9.3".exe    NAME INVALID
>> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N "postgresql-9.3" -D    NAME INVALID
>> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N "postgresql-9.3" -D.exe    NAME INVALID
>> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N "postgresql-9.3" -D "C:\Users\asif\Desktop\Program    NAME INVALID
>> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N "postgresql-9.3" -D "C:\Users\asif\Desktop\Program.exe    NAME INVALID
>> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N "postgresql-9.3" -D "C:\Users\asif\Desktop\Program files\9.3\data"    NAME INVALID
>> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N "postgresql-9.3" -D "C:\Users\asif\Desktop\Program files\9.3\data".exe    NAME INVALID
>> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N "postgresql-9.3" -D "C:\Users\asif\Desktop\Program files\9.3\data" -w    NAME INVALID
>> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N "postgresql-9.3" -D "C:\Users\asif\Desktop\Program files\9.3\data" -w.exe    NAME INVALID
>> >
>> > Fix :
>> >
>> > postgresql-9.3 service path : "C:/Users/asif/Desktop/Program files/9.3/bin/pg_ctl.exe" runservice -N "postgresql-9.3" -D "C:/Users/asif/Desktop/Program files/9.3/data" -w
>> >
>> > It would be good if this is reported on pg installer forum or security forum. Thanks.
>> >
>> > Regards,
>> > Asif Naeem
>> >
>> > On Mon, Oct 28, 2013 at 12:06 PM, Naoya Anzai <anzai-na...@mxu.nes.nec.co.jp> wrote:
>> >>
>> >> Hi, Asif.
>> >>
>> >> Thank you for the response.
>> >>
>> >> > C:\Users\asif\Desktop\Program files\9.3>"bin\pg_ctl" -D "C:\Users\asif\Desktop\Program files\9.3\data1" -l logfile start
>> >> > server starting
>> >>
>> >> This failure does not occur by the command line.
>> >> PostgreSQL needs to start by Windows Service.
>> >>
>> >> Additionally, in this case,
>> >> a file "Program" needs to exist at "C:\Users\asif\Desktop\", and
>> >> "postgres.exe" needs to exist at "C:\Users\asif\Desktop\Program files\9.3\bin".
>> >> ------------
>> >> C:\Users\asif\Desktop\Program files\9.3\bin>dir
>> >> ...
>> >> 4,435,456 postgres.exe
>> >> 80,896 pg_ctl.exe
>> >> ...
>> >>
>> >> C:\Users\asif\Desktopp>dir
>> >> ...
>> >> 0 Program
>> >> <DIR> Program files
>> >> ...
>> >> ------------
>> >>
>> >> Regards,
>> >> Naoya
>> >>
>> >> > Hi Naoya,
>> >> >
>> >> > I am not able to reproduce the problem. Do you mean pg windows service installed by installer is not working or bin\pg_ctl binary is not accepting spaces in the patch? Following worked for me i.e.
>> >> >
>> >> > C:\Users\asif\Desktop\Program files\9.3>"bin\pg_ctl" -D "C:\Users\asif\Desktop\Program files\9.3\data1" -l logfile start
>> >> > server starting
>> >> >
>> >> > Can you please share the exact steps? Thanks.
>> >> >
>> >> > Regards,
>> >> > Muhammad Asif Naeem
>> >> >
>> >> > On Mon, Oct 28, 2013 at 10:26 AM, Naoya Anzai <anzai-na...@mxu.nes.nec.co.jp> wrote:
>> >> >
>> >> > Hi All,
>> >> >
>> >> > I have found a case that PostgreSQL Service does not start.
>> >> > When it happens, the following error appears.
>> >> >
>> >> > "is not a valid Win32 application"
>> >> >
>> >> > This failure occurs when the following conditions are true.
>> >> >
>> >> > 1. There is "postgres.exe" in any directory that contains a space,
>> >> > such as "Program Files".
>> >> >
>> >> > e.g.)
>> >> > C:\Program Files\PostgreSQL\bin\postgres.exe
>> >> >
>> >> > 2. A file using the first white space-delimited
>> >> > tokens of that directory as the file name exists,
>> >> > and there is it in the same hierarchy.
>> >> >
>> >> > e.g.)
>> >> > C:\Program //file
>> >> >
>> >> > "pg_ctl.exe" as PostgreSQL Service creates a postgres
>> >> > process using an absolute path which indicates the
>> >> > location of "postgres.exe", but the path is not enclosed
>> >> > in quotation.
>> >> >
>> >> > Therefore, if the above-mentioned conditions are true,
>> >> > CreateProcessAsUser (a Windows function called by pg_ctl.exe)
>> >> > tries to create a process using the other file such
>> >> > as "Program", so the service fails to start.
>> >> >
>> >> > Accordingly, I think that the command path should be
>> >> > enclosed in quotation.
>> >> >
>> >> > I created a patch to fix this failure,
>> >> > So could anyone confirm?
>> >> >
>> >> > Regards,
>> >> >
>> >> > Naoya
>> >> >
>> >> > ---
>> >> > Naoya Anzai
>> >> > Engineering Department
>> >> > NEC Soft, Ltd.
>> >> > E-Mail: anzai-na...@mxu.nes.nec.co.jp
>> >> > ---
>> >> >
>> >> > --
>> >> > Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
>> >> > To make changes to your subscription:
>> >> > http://www.postgresql.org/mailpref/pgsql-hackers
>> >>
>> >> That is all. Thank you in advance.
>> >>
>> >> --------------------------------------------------------
>> >> NEC Soft, Ltd.
>> >> PF System Division, Theme Software Development G
>> >> Naoya Anzai
>> >>
>> >> External line (03)5534-2353
>> >> Extension (8)57-40364
>> >> Mail:NES-N2363
>> >> E-mail:anzai-na...@mxu.nes.nec.co.jp
>> >> --------------------------------------------------------
>> >> ≪Handling of this e-mail≫
>> >> - Classification: Confidential
>> >> - Disclosure: permitted to the minimum extent necessary
>> >> - Removal: prohibited
>> >> - Retention period: unlimited
>> >> - After use: destroy
>>
>> --
>> Dave Page
>> Blog: http://pgsnake.blogspot.com
>> Twitter: @pgsnake
>>
>> EnterpriseDB UK: http://www.enterprisedb.com
>> The Enterprise PostgreSQL Company
>
> --
> Sandeep Thakkar
> Senior Software Engineer
>
> Phone: +91.20.30589505
>
> Website: www.enterprisedb.com
> EnterpriseDB Blog: http://blogs.enterprisedb.com/
> Follow us on Twitter: http://www.twitter.com/enterprisedb
Attachments: pg_ctl.c.patch, pg_ctl.c_windows_vulnerability.patch
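An audit check for the condition discussed in this thread, as an added example that is not part of the thread and is not code from pg_ctl.c or either attached patch: for an unquoted service command line it lists each space-delimited prefix that is probed before the intended executable (the `Program` / `Program.exe` lookups in the trace above), and shows that quoting the program path leaves none. The function names and the ".exe followed by a space" heuristic are assumptions made for this illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_CAND 16
#define MAX_LEN  260

/* Heuristic (assumption): the intended program ends at the first ".exe"
 * that is followed by a space or by the end of the string. */
static size_t exe_end(const char *s)
{
    for (size_t i = 0; s[i]; i++)
        if (s[i] == '.' && tolower((unsigned char)s[i + 1]) == 'e' &&
            tolower((unsigned char)s[i + 2]) == 'x' &&
            tolower((unsigned char)s[i + 3]) == 'e' &&
            (s[i + 4] == ' ' || s[i + 4] == '\0'))
            return i + 4;
    return strlen(s);
}

/* Copy into out[] every space-delimited prefix that precedes the intended
 * program in an unquoted command line; each is a name resolved ahead of the
 * real executable. Returns the count, 0 when the program path is quoted. */
int ambiguous_prefixes(const char *cmd, char out[][MAX_LEN], int max)
{
    int n = 0;
    size_t end = exe_end(cmd);
    if (cmd[0] == '"')
        return 0;
    for (size_t i = 1; i < end && i < MAX_LEN && n < max; i++)
        if (cmd[i] == ' ') {
            memcpy(out[n], cmd, i);
            out[n++][i] = '\0';
        }
    return n;
}

/* The fix described in the thread: quote the program path, then the args. */
int quote_program(char *dst, size_t len, const char *exe, const char *args)
{
    return snprintf(dst, len, "\"%s\" %s", exe, args);
}

int main(void)
{
    char c[MAX_CAND][MAX_LEN];
    /* Unquoted service path from the thread, arguments shortened. */
    int n = ambiguous_prefixes(
        "C:/Users/asif/Desktop/Program files/9.3/bin/pg_ctl.exe runservice -w",
        c, MAX_CAND);
    for (int i = 0; i < n; i++)
        printf("ambiguous: %s\n", c[i]);
    return 0;
}
```

Any reported prefix names a location whose parent directory should be writable only by administrators until the service path itself is quoted.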