On 2017-04-05 04:25:41 +0000, Tsunakawa, Takayuki wrote:
> From: Craig Ringer [mailto:craig.rin...@2ndquadrant.com]
> > On 5 April 2017 at 10:37, Tsunakawa, Takayuki
> > <tsunakawa.ta...@jp.fujitsu.com> wrote:
> > 
> > OTOH, I tried again to leave the DISABLE_MAX_PRIVILEGE as is and add Lock
> > Pages in Memory, using the attached pg_ctl.c.  Please see
> > EnableLockPagesPrivilege() and its call site.  But pg_ctl -w start fails
> > emitting the following message:
> > 
> > That won't work. You'd have to pass 0 to the flags of CreateRestrictedToken
> > and instead supply a PrivilegesToDelete array.
> > You'd probably GetTokenInformation and AND with a mask of ones you wanted
> > to retain.
> Uh, that's inconvenient.  We can't determine what privileges to delete, and 
> we must be aware of new privileges added in the future version of Windows.
> Then, I have to say the last patch (v12) is the final answer.

As I asked before, why can't we delete all privs and add the explicitly
needed once back (using AdjustTokenPrivileges)?

- Andres

Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:

Reply via email to