Dave Page wrote:
The attached patch fixes problems reported primarily on Vista, but
also on some Windows 2003 and XP installations in which initdb reports
that it cannot find postgres.exe.

This occurs because of security-related changes implemented in Windows
Vista and recent patches on older OS's. When running initdb or pg_ctl
we currently create a restricted security token with the
Administrators and Power Users groups (and thus their privileges)
removed and re-execute the same program using the restricted token.
This ensures that the process is run without potentially dangerous
privileges no matter what user account it was started from. On Vista
and friends however, the default DACL (list of Access Control Entries)
used in the restricted token contains Administrators (the group) &
System when we run as Administrator, vs. User + System when run as
other users. Because we then drop Administrators, we are left with
only the System ACE in the DACL, which does not allow us to use

To fix this, when we create the restricted process, we initially start
it in suspended mode. We modify it's DACL to explicitly add an ACE for
the current user, and then resume the child process. This remains
secure because administrative privileges are granted to the groups
that we've dropped, not the user itself.

I've tested on Vista and XP, but additional testing would be useful
(Andrew, Magnus?). Please apply to head, 8.3 and 8.2

This appears to work for initdb. But "make check" fails after the initdb stage, I think because pg_regress doesn't use pg_ctl to start the postmaster. The log just reads "Access is denied'"

I don't have too much difficulty with that as long as we stipulate that postgres has to be built, or at least checked, as a non-privileged user (c.f. recent discussion of building RPMs as root). Alternatively, we should also patch pg_regress.c



---------------------------(end of broadcast)---------------------------
TIP 1: if posting/reading through Usenet, please send an appropriate
      subscribe-nomail command to [EMAIL PROTECTED] so that your
      message can get through to the mailing list cleanly

Reply via email to