Rajeev rastogi rajeev.rast...@huawei.com writes:
OK. Then I am moving it to ready for committer.
I've committed this patch. I added a make_native_path() call to fix the
slashes-versus-backslashes issue noted by Christian Ullrich, since that
was an easy one-line addition. I didn't do anything
On 11/29/2013 06:43 PM, Tom Lane wrote:
Rajeev rastogi rajeev.rast...@huawei.com writes:
OK. Then I am moving it to ready for committer.
I've committed this patch. I added a make_native_path() call to fix the
slashes-versus-backslashes issue noted by Christian Ullrich, since that
was an easy
Andrew Dunstan and...@dunslane.net writes:
On 11/29/2013 06:43 PM, Tom Lane wrote:
I've committed this patch. I added a make_native_path() call to fix the
slashes-versus-backslashes issue noted by Christian Ullrich, since that
was an easy one-line addition.
I don't mind changing this, but
Hi, Rajeev
I tested the latest patch. My observation is:
If we give relative data directory path while registering the
service, then service start fails.
But same works if the data directory is absolute path.
Looks like an existing issue. Maybe we need to internally
On 27 November 2013, Naoya Anzai wrote:
Hi, Rajeev
I tested the latest patch. My observation is:
If we give relative data directory path while registering the
service, then service start fails.
But same works if the data directory is absolute path.
Looks like an existing
On 25 November 2013, Rajeev Rastogi Wrote:
One suggestion:
Instead of using sizeof(cmdLine),
a. Can't we use strlen (hence small 'for' loop).
b. Or use memmove to move one byte.
I looked at this patch a bit. I agree that we need to fix
pgwin32_CommandLine to double-quote
On 24 November 2013, Tom Lane Wrote:
One suggestion:
Instead of using sizeof(cmdLine),
a. Can't we use strlen (hence small 'for' loop).
b. Or use memmove to move one byte.
I looked at this patch a bit. I agree that we need to fix
pgwin32_CommandLine to double-quote the
Rajeev rastogi rajeev.rast...@huawei.com writes:
One suggestion:
Instead of using sizeof(cmdLine),
a. Can't we use strlen (hence small 'for' loop).
b. Or use memmove to move one byte.
I looked at this patch a bit. I agree that we need to fix
pgwin32_CommandLine to double-quote
On 11 November 2013, Naoya Anzai Wrote:
Hi Amit,
I have uploaded your patch for next commit fest, hope you can support
it if there is any feedback for your patch by reviewer/committer.
Thanks! Okay, I will support you.
1. Patch applies cleanly to master HEAD.
2. No Compilation Warning.
Hi Amit,
I have uploaded your patch for next commit fest, hope you can support
it if there is any feedback for your patch by reviewer/committer.
Thanks! Okay, I will support you.
Best Regards,
Naoya
Hi Naoya,
On Thu, Oct 31, 2013 at 5:42 PM, Robert Haas robertmh...@gmail.com wrote:
On
Hi Naoya,
On Thu, Oct 31, 2013 at 5:42 PM, Robert Haas robertmh...@gmail.com wrote:
On Thu, Oct 31, 2013 at 1:44 AM, Asif Naeem anaeem...@gmail.com wrote:
On Thu, Oct 31, 2013 at 10:17 AM, Amit Kapila amit.kapil...@gmail.com
wrote:
On Tue, Oct 29, 2013 at 12:46 PM, Naoya Anzai
Services are started with the system privileges. If somebody is able to
place that .exe in the specified directory, then it will be executed on
service start. So, yes, I too agree with Asif that it is an important issue
and should be fixed in the code at the earliest.
On Thu, Oct 31, 2013 at
On Thu, Oct 31, 2013 at 1:44 AM, Asif Naeem anaeem...@gmail.com wrote:
On Thu, Oct 31, 2013 at 10:17 AM, Amit Kapila amit.kapil...@gmail.com
wrote:
On Tue, Oct 29, 2013 at 12:46 PM, Naoya Anzai
anzai-na...@mxu.nes.nec.co.jp wrote:
Hi Sandeep
I think, you should change the subject line
On Tue, Oct 29, 2013 at 12:46 PM, Naoya Anzai
anzai-na...@mxu.nes.nec.co.jp wrote:
Hi Sandeep
I think, you should change the subject line to Unquoted service path
containing space is vulnerable and can be exploited on Windows to get the
attention.. :)
Thank you for advice!
I'll try to
On Thu, Oct 31, 2013 at 10:17 AM, Amit Kapila amit.kapil...@gmail.com wrote:
On Tue, Oct 29, 2013 at 12:46 PM, Naoya Anzai
anzai-na...@mxu.nes.nec.co.jp wrote:
Hi Sandeep
I think, you should change the subject line to Unquoted service path
containing space is vulnerable and can be
Yes. It should not be installer issue as installer is using pg_ctl to
register and run the service on Windows. Thanks.
Best Regards,
Muhammad Asif Naeem
On Tue, Oct 29, 2013 at 9:57 AM, Sandeep Thakkar
sandeep.thak...@enterprisedb.com wrote:
So, this is not an installer issue. Is this bug
Hi, Sandeep
Thanks.
Sorry, there was a mistake in what I said.
I said
Not only pg_ctl.exe but postgres.exe also have the same problem.
but, to say it correctly,
postgres.exe does not have the problem.
Source that contains the problem is only pg_ctl.c.
So, this is not an installer
Hi Naoya
I think, you should change the subject line to Unquoted service path
containing space is vulnerable and can be exploited on Windows to get the
attention.. :)
BTW, in your case, the file Program should be an exe and not just any
other file to exploit this vulnerability. Right?
On
Hi Sandeep
I think, you should change the subject line to Unquoted service path
containing space is vulnerable and can be exploited on Windows to get the
attention.. :)
Thank you for advice!
I'll try to post to pgsql-bugs again.
BTW, in your case, the file Program should be an exe and
Hi Naoya,
I am not able to reproduce the problem. Do you mean pg windows service
installed by installer is not working or bin\pg_ctl binary is not accepting
spaces in the patch? Following worked for me i.e.
C:\Users\asif\Desktop\Program files\9.3bin\pg_ctl -D
C:\Users\asif\Desktop\Program
Hi, Asif.
Thank you for response.
C:\Users\asif\Desktop\Program files\9.3bin\pg_ctl -D
C:\Users\asif\Desktop\Program files\9.3\data1 -l logfile start
server starting
This failure does not occur by the command line.
PostgreSQL needs to start by Windows Service.
Additionally, in
It is related to Windows unquoted service path vulnerability in the
installer that creates service path without quotes that make service.exe to
look for undesirable path for executable.
postgresql-9.3 service path : C:/Users/asif/Desktop/Program
files/9.3/bin/pg_ctl.exe runservice -N
Sandeep, can you look at this please? Thanks.
On Mon, Oct 28, 2013 at 8:18 AM, Asif Naeem anaeem...@gmail.com wrote:
It is related to Windows unquoted service path vulnerability in the
installer that creates service path without quotes that make service.exe to
look for undesirable path for
Hi Dave
We register the service using pg_ctl. When I manually executed the
following on the command prompt, I saw that the service path of the
registered service did not have the pg_ctl.exe path in quotes. Maybe it
should be handled in the pg_ctl code.
*c:\Users\Sandeep
Hi Sandeep,
PFA Naoya's patch (pg_ctl.c.patch).
Hi Naoya,
Good finding. I have attached another version of patch
(pg_ctl.c_windows_vulnerability.patch) attached that has fewer lines of
code changes, can you please take a look? Thanks.
Best Regards,
Asif Naeem
On Mon, Oct 28, 2013 at 4:46
Hi, Asif
Thank you for providing my patch (pg_ctl.c.patch) to Sandeep on my behalf.
Good finding. I have attached another version of patch
(pg_ctl.c_windows_vulnerability.patch) attached that has fewer lines of code
changes, can you please take a look? Thanks.
I think your patch is not
So, this is not an installer issue. Is this bug raised to the PostgreSQL
community? If yes, you should submit the patch there.
On Tue, Oct 29, 2013 at 6:23 AM, Naoya Anzai
anzai-na...@mxu.nes.nec.co.jp wrote:
Hi, Asif
Thank you for providing my patch (pg_ctl.c.patch) to Sandeep on my behalf.
27 matches