Re: [HACKERS] Supporting huge pages on Windows

Поиск
Список
Период
Сортировка
От Magnus Hagander
Тема Re: [HACKERS] Supporting huge pages on Windows
Дата
Msg-id CABUevEw09Jyh3Fz+c84=AK7C7j_RphBAO-=_J4e1OkKiWR4f4A@mail.gmail.com
обсуждение исходный текст
Ответ на Re: Supporting huge pages on Windows  (Robert Haas <robertmhaas@gmail.com>)
Ответы Re: [HACKERS] Supporting huge pages on Windows
Re: [HACKERS] Supporting huge pages on Windows
Список pgsql-hackers
Дерево обсуждения
On Wed, Apr 5, 2017 at 9:15 AM, Tsunakawa, Takayuki <tsunakawa.takay@jp.fujitsu.com> wrote:
From: pgsql-hackers-owner@postgresql.org
> [mailto:pgsql-hackers-owner@postgresql.org] On Behalf Of Andres Freund
> As I asked before, why can't we delete all privs and add the explicitly
> needed once back (using AdjustTokenPrivileges)?

I tried it with pg_ctl.c attached to an earlier mail today, i.e. delete all privs with CreateRestrictedToken(DISABLE_ALL_PRIVILEGE) and enable Lock Pages in Memory with AdjustTokenPrivileges().  But it didn't work; AdjustTokenPrivileges() failed to enable the priv.  It's probably that CreateRestrictedToken() deletes (unassigns?) the privs from the access token, so subsequent AdjustTokenPrivileges() can no longer enable the priv.


Once you have used CreateRestrictedToken(), you can no longer add *anything* to it. It's not just removed privileges, there's a special flag on the token that says it's restricted (can be checked with IsTokenRestricted()).

I think what you'd need to do is enumerate what privileges the user has *before* calling CreateRestrictedToken(), using GetTokenInformation(). And then pass those into PrivilegesToDelete (except for SeChangeNotifyPrivilege) in the call to CreateRestrictedToken(), instead of using DISABLE_MAX_PRIVILEGE. (and add the privilege needed for huge pages before you start that whole process -- that needs to be added in the token used *before* we create the restricted one).

At least that's my guess from reading the docs and trying to remember :)

--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Álvaro Hernández Tortosa
Дата:
Сообщение: Re: [HACKERS] SCRAM authentication, take three
Следующее
От: Heikki Linnakangas
Дата:
Сообщение: Re: [HACKERS] Implementation of SASLprep for SCRAM-SHA-256