The attached patch fixes problems reported primarily on Vista, but
also on some Windows 2003 and XP installations in which initdb reports
that it cannot find postgres.exe.
This occurs because of security-related changes implemented in Windows
Vista and recent patches on older OS's. When running initdb or pg_ctl
we currently create a restricted security token with the
Administrators and Power Users groups (and thus their privileges)
removed and re-execute the same program using the restricted token.
This ensures that the process is run without potentially dangerous
privileges no matter what user account it was started from. On Vista
and friends however, the default DACL (list of Access Control Entries)
used in the restricted token contains Administrators (the group) &
System when we run as Administrator, vs. User + System when run as
other users. Because we then drop Administrators, we are left with
only the System ACE in the DACL, which does not allow us to use
CreatePipe()/CreateProcess().
To fix this, when we create the restricted process, we initially start
it in suspended mode. We modify it's DACL to explicitly add an ACE for
the current user, and then resume the child process. This remains
secure because administrative privileges are granted to the groups
that we've dropped, not the user itself.
I've tested on Vista and XP, but additional testing would be useful
(Andrew, Magnus?). Please apply to head, 8.3 and 8.2
--
Dave Page
EnterpriseDB UK: http://www.enterprisedb.com
The Oracle-compatible database company