Re: Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled
От | Tsunakawa, Takayuki |
---|---|
Тема | Re: Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled |
Дата | |
Msg-id | 0A3221C70F24FB45833433255569204D1F63C649@G01JPEXMBYT05 обсуждение исходный текст |
Ответ на | Re: Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled (Michael Paquier <michael.paquier@gmail.com>) |
Ответы |
Re: Re: BUG #13755: pgwin32_is_service not checking if
SECURITY_SERVICE_SID is disabled
|
Список | pgsql-hackers |
From: pgsql-hackers-owner@postgresql.org > [mailto:pgsql-hackers-owner@postgresql.org] On Behalf Of Michael Paquier > Meh. Local System accounts are used only by services (see comments of > pgwin32_is_service), so I'd expect pgwin32_is_service() to return true in > this case, contrary to what your v5 is doing. v4 is doing it better I think > at quick glance. > Not relying on the fact that local system accounts are only used by services > looks bad to me. I believe v5 is correct for two reasons: (1) SECURITY_SERVICE_RID is enough to check, because the process gets SECURITY_SERVICE_RID when it runs as a service. https://msdn.microsoft.com/ja-jp/library/windows/desktop/aa379649(v=vs.85).aspx SECURITY_SERVICE_RID Accounts authorized to log on as a service. This is a group identifier added to the token of a process when it was loggedas a service. The corresponding logon type is LOGON32_LOGON_SERVICE. I saw descriptions that LocalSystem is used by the SCM, but didn't find a statement that LocalSystem is used only by SCMand services. In addition, if the check for LocalSystem is really necessary, LocalService and NetworkService also needto be checked. https://msdn.microsoft.com/ja-jp/library/windows/desktop/ms684190(v=vs.85).aspx (Japanese article)http://www.atmarkit.co.jp/ait/articles/0905/08/news095.html (2) The OP wants to explicitly run postgres.exe outside the service even when his app runs as a service, so that the app canread postgres's messages from its stdout/stderr. So, he disabled SECURITY_SERVICE_RID when starting postgres.exe. Hisusers may run his app as a service under LocalSystem. [Excerpt] -------------------------------------------------- We ship PG with our own product, which may or may not be installed as a service. When running PG, we run postgres.exe directly via a Tcl-based wrapper script so that we can monitor the output in real time. When our product is installed as a service, we use CreateRestrictedToken to disable all admin rights as well as the SECURITY_SERVICE_RID, and use the returned token with CreateProcessAsUser, for which we also specify CREATE_NEW_CONSOLE. This process then calls our wrapper script. Inside this wrapper, I can call GetStdHandle (via Twapi) and get valid handles for all 3: in, out, and err. Yet when the script calls postgres.exe, nothing is received on the output. As mentioned above, nothing is logged in the event log, either. -------------------------------------------------- Regards Takayuki Tsunakawa
В списке pgsql-hackers по дате отправления: