From: Heikki Linnakangas Date: Mon, 26 Sep 2016 06:19:20 +0000 (+0300) Subject: Fix check for whether postmaster is running as a Windows service. X-Git-Url: http://git.postgresql.org/gitweb/?a=commitdiff_plain;h=196debdbd45c1da6fc8163beabc75b045807ac3c;p=users%2Fheikki%2Fpostgres.git Fix check for whether postmaster is running as a Windows service. If postmaster is launched with a restricted security token, with the "Log in as Service" privilege explicitly removed, the token will contain SECURITY_SERVICE_RID with the SE_GROUP_USE_FOR_DENY_ONLY flag, and without the SE_GROUP_ENABLED flag. pgwin32_is_service() was fooled by that, and thought that it's running as a service. Fix to check for the SE_GROUP_ENABLED flag, like we do in pgwin32_is_admin(). Patch by Michael Paquier, per Breen Hagan's report and analysis. Backpatch to all supported versions. Bug: #13755 Discussion: <20151104062315.2745.67143@wrigleys.postgresql.org> --- diff --git a/src/backend/port/win32/security.c b/src/backend/port/win32/security.c index 6b00570ac0..aadbd08aa5 100644 --- a/src/backend/port/win32/security.c +++ b/src/backend/port/win32/security.c @@ -188,7 +188,8 @@ pgwin32_is_service(void) _is_service = 0; for (x = 0; x < Groups->GroupCount; x++) { - if (EqualSid(ServiceSid, Groups->Groups[x].Sid)) + if (EqualSid(ServiceSid, Groups->Groups[x].Sid) && + (Groups->Groups[x].Attributes & SE_GROUP_ENABLED)) { _is_service = 1; break;