Re: [HACKERS] Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled

2016-11-28 Thread Michael Paquier
On Tue, Nov 22, 2016 at 1:58 PM, Tsunakawa, Takayuki wrote: > From: Craig Ringer [mailto:cr...@2ndquadrant.com] >> You meant CheckTokenMembership(). > > Yes, my typo in the mail. > >> The proposed patch does need to be checked with: > > I understood you meant by

Re: [HACKERS] Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled

2016-11-21 Thread Tsunakawa, Takayuki
From: Craig Ringer [mailto:cr...@2ndquadrant.com] > You meant CheckTokenMembership(). Yes, my typo in the mail. > The proposed patch does need to be checked with: I understood you meant by "refuse to run" that postgres.exe fails to start below. Yes, I checked it on Win10. I don't have access

Re: [HACKERS] Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled

2016-11-21 Thread Craig Ringer
On 8 November 2016 at 14:31, Tsunakawa, Takayuki wrote: > From: Michael Paquier [mailto:michael.paqu...@gmail.com] >> I just looked more deeply at your refactoring patch, and I didn't know about >> CheckTokenMembership()... The whole logic of your patch depends on

Re: [HACKERS] Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled

2016-11-07 Thread Tsunakawa, Takayuki
From: Michael Paquier [mailto:michael.paqu...@gmail.com] > I just looked more deeply at your refactoring patch, and I didn't know about > CheckTokenMembership()... The whole logic of your patch depends on it. > That's quite a cleanup that you have here. It looks that the former > implementation

Re: [HACKERS] Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled

2016-11-07 Thread Michael Paquier
On Tue, Nov 8, 2016 at 2:25 PM, Tsunakawa, Takayuki wrote: > From: pgsql-hackers-ow...@postgresql.org >> [mailto:pgsql-hackers-ow...@postgresql.org] On Behalf Of Michael Paquier >> Things are this way since b15f9b08 that introduced pgwin32_is_service(). >> Still,

Re: [HACKERS] Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled

2016-11-07 Thread Tsunakawa, Takayuki
From: pgsql-hackers-ow...@postgresql.org > [mailto:pgsql-hackers-ow...@postgresql.org] On Behalf Of Michael Paquier > Things are this way since b15f9b08 that introduced pgwin32_is_service(). > Still, by considering what you say, you definitely have a point that if > postgres is started by another

Re: [HACKERS] Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled

2016-11-07 Thread Michael Paquier
On Tue, Nov 8, 2016 at 1:36 PM, Tsunakawa, Takayuki wrote: > From: pgsql-hackers-ow...@postgresql.org >> [mailto:pgsql-hackers-ow...@postgresql.org] On Behalf Of Michael Paquier >> Hm... See here: >>

Re: [HACKERS] Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled

2016-11-07 Thread Tsunakawa, Takayuki
From: pgsql-hackers-ow...@postgresql.org > [mailto:pgsql-hackers-ow...@postgresql.org] On Behalf Of Michael Paquier > Hm... See here: > http://stackoverflow.com/questions/6084547/how-to-check-whether-a-process-is-running-as-a-windows-service > And particularly this quote: > "No, that is not

Re: [HACKERS] Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled

2016-11-07 Thread Michael Paquier
On Tue, Nov 8, 2016 at 12:16 PM, Tsunakawa, Takayuki wrote: > From: pgsql-hackers-ow...@postgresql.org >> [mailto:pgsql-hackers-ow...@postgresql.org] On Behalf Of Michael Paquier >> https://msdn.microsoft.com/ja-jp/library/windows/desktop/ms684190(v=vs >> >

Re: [HACKERS] Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled

2016-11-07 Thread Tsunakawa, Takayuki
From: pgsql-hackers-ow...@postgresql.org > [mailto:pgsql-hackers-ow...@postgresql.org] On Behalf Of Michael Paquier > https://msdn.microsoft.com/ja-jp/library/windows/desktop/ms684190(v=vs.85).aspx > > That's what I looked at as well :) And this part is what caught my attention, > meaning

Re: [HACKERS] Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled

2016-11-07 Thread Michael Paquier
On Tue, Nov 8, 2016 at 11:36 AM, Tsunakawa, Takayuki wrote: > SECURITY_SERVICE_RID > Accounts authorized to log on as a service. This is a group identifier added > to the token of a process when it was logged as a service. The corresponding > logon type is

Re: [HACKERS] Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled

2016-11-07 Thread Tsunakawa, Takayuki
From: pgsql-hackers-ow...@postgresql.org > [mailto:pgsql-hackers-ow...@postgresql.org] On Behalf Of Michael Paquier > Meh. Local System accounts are used only by services (see comments of > pgwin32_is_service), so I'd expect pgwin32_is_service() to return true in > this case, contrary to what your

Re: [HACKERS] Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled

2016-11-07 Thread Michael Paquier
On Tue, Nov 8, 2016 at 6:47 AM, MauMau wrote: > As I guessed in the previous mail, both our patches cause > pgwin32_is_service() to return 1 even when SECURITY_SERVICE_RID is > disabled, if the service is running as a Local System. The existing > logic of checking for Local

Re: [HACKERS] Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled

2016-11-07 Thread Michael Paquier
On Mon, Nov 7, 2016 at 10:31 PM, MauMau wrote: > Yes, I tested both your patch and mine. I used the attached pg_ctl.c. > It adds -z option which disables SECURITY_SERVICE_RID. Okay, so you did exactly what I did except that you wrapped with an option... > I guess you

Re: [HACKERS] Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled

2016-11-07 Thread MauMau
Hi, Michael As I guessed in the previous mail, both our patches cause pgwin32_is_service() to return 1 even when SECURITY_SERVICE_RID is disabled, if the service is running as a Local System. The existing logic of checking for Local System should be removed. The attached patch fixes this

Re: [HACKERS] Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled

2016-11-07 Thread MauMau
From: Michael Paquier Hm.. I have just tested HEAD, my patch and your patch using my patch test on pg_ctl.c, but I am always getting pgwin32_is_service set to 0 when running pg_ctl start from a terminal, and set it to 1 when running pg_ctl service to register the service startup. Could you precise

Re: [HACKERS] Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled

2016-11-07 Thread Michael Paquier
On Mon, Nov 7, 2016 at 9:49 AM, Tsunakawa, Takayuki wrote: > From: pgsql-hackers-ow...@postgresql.org >> [mailto:pgsql-hackers-ow...@postgresql.org] On Behalf Of Michael Paquier >> On Sun, Nov 6, 2016 at 6:30 PM, MauMau wrote: >> So you see

Re: [HACKERS] Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled

2016-11-06 Thread Tsunakawa, Takayuki
From: pgsql-hackers-ow...@postgresql.org > [mailto:pgsql-hackers-ow...@postgresql.org] On Behalf Of Michael Paquier > On Sun, Nov 6, 2016 at 6:30 PM, MauMau wrote: > > Sorry, I may have had to send this to pgsql-hackers. I just replied > > to all, which did not include