Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled

Поиск
Список
Период
Сортировка
От Michael Paquier
Тема Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled
Дата
Msg-id CAB7nPqQG_BL6Ct=DRgn5=REODErXwosRAGk6B6BemGWJFjeoow@mail.gmail.com
обсуждение исходный текст
Ответ на BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled  (breen@rtda.com)
Ответы Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled
Список pgsql-bugs
Дерево обсуждения 
On Wed, Nov 4, 2015 at 3:23 PM,  <breen@rtda.com> wrote:
> Short version: pgwin32_is_service checks the process token for
> SECURITY_SERVICE_RID by doing an EqualSid check.  This will match against a
> SECURITY_SERVICE_RID that has been disabled ("use_for_deny_only"), causing
> PG to think it's a service when it is not.  This causes it to attempt to log
> to the event log, but this doesn't work, and so there is no logging at all.

OK. So if I am following correctly... If Postgres process uses a
SECURITY_SERVICE_RID SID that has SE_GROUP_USE_FOR_DENY_ONLY enabled
it will try to access to the event logs but will be denied as all
accesses are denied with this attribute, right?

What do you think about the patch attached then?
--
Michael
Вложения

В списке pgsql-bugs по дате отправления:

Предыдущее
От: Joe Conway
Дата:
Сообщение: Re: Version 9.4 CREATE FUNCTION - ERROR: type xxxx does not exist create function
Следующее
От: Breen Hagan
Дата:
Сообщение: Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled