Re: PgSQL not as Administrator - probs on w
From | Mark Cave-Ayland |
---|---|
Subject | Re: PgSQL not as Administrator - probs on w |
Date | |
Msg-id | 8F4A22E017460A458DB7BBAB65CA6AE512D2B8@openmanage |
List | pgsql-hackers-win32 |

> -----Original Message-----
> From: pgsql-hackers-win32-owner@postgresql.org
> [mailto:pgsql-hackers-win32-owner@postgresql.org] On Behalf Of Magnus Hagander
> Sent: 04 July 2004 14:49
> To: Gary Doades; pgsql-hackers-win32@postgresql.org
> Subject: Re: [pgsql-hackers-win32] PgSQL not as Administrator - probs on w
>
> >> We very much do *not* want to go grant a privilege to administrator that
> >> it doesn't already have. If it is required, it should be done manually
> >> by the administrator himself.
> >>
> >> (Oh, and the resource kit is very much *NOT* free. It's a licensed
> >> product like others. The supplement is like a servicepack - you still
> >> need the original kit license)
> >
> > Once again you are right. I thought that you may be able to only grant
> > the permission for the duration of initdb etc, but there are other
> > problems with this anyway.
>
> Yeah. You can enable the privilege temporarily, but actually
> granting it in the account database is a bigger operation.
> (Not to mention how many eventlog monitors/IDS systems the
> install is going to trigger if it does that)

Yeah that would be a nice piece of code using the Lsa*() API..... :) It's also not good practice as a short hole exists (admittedly for a very short space of time) that would allow process impersonation. I can only guess that things are done this way in NT for a very good reason.

> Yeah, that's the uglier way to do it. We could even create a
> temporary service, start it, wait for it to stop by itself,
> and then remove it.
>
> //Magnus

Looks like someone else has had a similar idea: see http://www.pluralsight.com/keith/security/sample_cmdasuser.htm for the documentation and http://www.pluralsight.com/keith/security/samples.htm for a link to a ZIP file containing the source.

I think that as messy as it is, from a security viewpoint it is probably the best option. I also agree that if we allow a command line override then it will be abused in production.

Also, I would think that if developers are working on a patch then it should be fairly trivial for them to knock out the Admin check during development.... ;)

Cheers,

Mark.

---

Mark Cave-Ayland
Webbased Ltd.
Tamar Science Park
Derriford
Plymouth
PL6 8BX
England

Tel: +44 (0)1752 764445
Fax: +44 (0)1752 764446

This email and any attachments are confidential to the intended recipient and may also be privileged. If you are not the intended recipient please delete it from your system and notify the sender. You should not copy it or use it for any purpose nor disclose or distribute its contents to any other person.