Re: PgSQL not as Administrator - probs on w

> -----Original Message-----
> From: pgsql-hackers-win32-owner@postgresql.org
> [mailto:pgsql-hackers-win32-owner@postgresql.org] On Behalf
> Of Dave Page
> Sent: 01 July 2004 09:12
> To: Claudio Natoli; Gary Doades; pgsql-hackers-win32@postgresql.org
> Subject: Re: [pgsql-hackers-win32] PgSQL not as Administrator
> - probs on w
>
> > > I agree.
> >
> > As do I.
> >
>
> As do I, however I was unable to convince the powers that be
> to allow such a change, as the only platform it will actually
> cause anything more than an inconvenience on is NT4 which
> doesn't have runas.exe.
>
> When running as a service, just use a non-privileged account,
> and when not, use runas to run it under a non-privileged
> account. It's a pain, but at least it'll be secure.
>
> Regards, Dave.


I must admit I find the prospect of running servers under a privileged
account a little bit scary. Is there no way that we can roll our own
"runas.exe" that we can supply as part of the PostgreSQL distribution?
From what I remember of the Win32 API, I can't see it being a
particularly complex piece of code - perhaps some sort of hook into
pg_ctl?

Then we could guarantee at least some level of security if an exploit is
found. I know that PostgreSQL is very unlikely to be exploitable, but I
can see this option being abused by newbie users forced to log in as
admin long after release.... this could leave a lot of vunerable
machines out there.


Kind regards,

Mark.

---

Mark Cave-Ayland
Webbased Ltd.
Tamar Science Park
Derriford
Plymouth
PL6 8BX
England

Tel: +44 (0)1752 764445
Fax: +44 (0)1752 764446


This email and any attachments are confidential to the intended
recipient and may also be privileged. If you are not the intended
recipient please delete it from your system and notify the sender. You
should not copy it or use it for any purpose nor disclose or distribute
its contents to any other person.