Tom Lane said:
Bruce Momjian [EMAIL PROTECTED] writes:
Tom Lane wrote:
Why? If we refuse to run as root on Unix, I do not see an argument
for being more forgiving on Windows.
I am not sure it is as easy to run as non-admin on Win32 as it is to
run as non-root on Unix. Is it?
Ease of use
2. Are you sure Powerusers is such a good idea? It's the default for
all non-admin users. When Postgres becomes a service, it's going to be
relatively easy to configure it to run as a low-priv user. Until then,
however, isn't it too difficult for admins to set up the system for it
to run as a
Thomas Hallgren wrote:
http://download.microsoft.com/download/1/b/8/1b8fc001-6f67-4ea1-b0f2-8add1da8cbc0/_Toc42414596
Link does not work.
Excerpt:
Unfortunately, these permissions are also the same permissions that allow
power users to:
- Introduce Trojan horses that, if executed by
Sorry. That link was internal to the document. This one should work.
http://download.microsoft.com/download/1/b/8/1b8fc001-6f67-4ea1-b0f2-8add1da8cbc0/SecDefs2003.doc
Regards,
Thomas Hallgren
Shachar Shemesh [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Thomas Hallgren wrote:
1. You forgot to check localsystem, as well as domain
admins. These two have even higher permissions than the ones
you test for, and one of them is the default if Postgre ever
makes it to become a service.
Not at all. Local System is a member of the Administrators group (no, it
doesn't
Why? If we refuse to run as root on Unix, I do not see an argument
for being more forgiving on Windows.
I am not sure it is as easy to run as non-admin on Win32 as it is to
run as non-root on Unix. Is it?
It is a little bit more tricky, but not much. I'd say it's more a factor
I played a bit with that code. According to Microsoft samples
for service managers, errors and events should be logged to
eventlog. So I added a function (almost a copy of sample
service code); it's messy, but it was enough to see what is
happening with the service.
Consider using
. if the installer is running as Administrator, it should create a
Postgres user
IOW, we need to make it as easy as possible to be secure.
No objection to that idea ...
I don't think we should create a postgres user. We should tell the guy
who installs it to do that, and have him tell
Magnus Hagander wrote:
. if the installer is running as Administrator, it should create a
Postgres user
IOW, we need to make it as easy as possible to be secure.
No objection to that idea ...
I don't think we should create a postgres user. We should tell the guy
who installs it
Magnus Hagander wrote:
. if the installer is running as Administrator, it should create a
Postgres user
IOW, we need to make it as easy as possible to be secure.
No objection to that idea ...
I don't think we should create a postgres user. We should tell the guy
who installs
Magnus Hagander wrote:
The installer-skeleton I have right now permits installation as local
system but recommends a user account. But that's just functionality to
remove, so that's easily done. In the other case, it prompts for
username and password to run as.
How would
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bruce Momjian
Sent: 04 May 2004 16:08
To: Magnus Hagander
Cc: Tom Lane; Andrew Dunstan; [EMAIL PROTECTED]
Subject: Re: [PATCHES] Run-as-admin warning for win32
Magnus Hagander wrote:
The
Mark Cave-Ayland wrote:
Just listening in on this thread I would be inclined to agree that
the Win32 PostgreSQL should run under its own user given the history of
Windows security. FWIW I know that Installshield (one of the most
popular installers) and the default settings for MSI mean that
Tom Lane wrote:
Bruce Momjian [EMAIL PROTECTED] writes:
Tom Lane wrote:
I guess what you are saying is we should have a configure-time option to
address configured directories via relative paths from the executable's
directory, rather than absolute paths? Seems reasonable ...
Yep.
Bruce Momjian wrote:
+ if (toupper(*src) != toupper(*src))
Shouldn't this be
if (toupper(*src) != toupper(*dst))
?
For completeness, you should probably also check for network drive paths
(\\machine\sharename\foo).
I also think we should just canonicalise everything early, and then
Andrew Dunstan wrote:
Bruce Momjian wrote:
+ if (toupper(*src) != toupper(*src))
Shouldn't this be
if (toupper(*src) != toupper(*dst))
?
Yep, fixed.
For completeness, you should probably also check for network
drive paths (\\machine\sharename\foo).
Oh, OK.
I
Bruce Momjian wrote:
Andrew Dunstan wrote:
I must confess I think this scheme is overkill - I can't think
of a use case where one would want a relocatable installation
which would any pattern other than the one we are thinking of
for the windows binary installer. Are we taking flexibility too