Re: [HACKERS] [PATCHES] fork/exec patch
From | Magnus Hagander |
---|---|
Subject | Re: [HACKERS] [PATCHES] fork/exec patch |
Date | |
Msg-id | 6BCB9D8A16AC4241919521715F4D8BCE171572@algol.sollentuna.se |
List | pgsql-hackers-win32 |

> As for Local System, most important services on win32 log on
> as Local System by default. Apache, mysql, etc. (I think,
> even SQL server) are all configured to run this way, mostly
> because it causes less hassles for the typical win32 user.
> Of course, you can lock everything down after installation.
> Assumptions are just fundamentally different on win32.

Actually, MS SQL recommends you do *not* use Local System, for security reasons. So do all other Microsoft products that have shipped recently, AFAIK. Even IIS 6 doesn't run as Local System all the time anymore.

This is the reason why Windows Server 2003 has introduced LOCAL SERVICE and NETWORK SERVICE which are used for low privilege servers that do not have their own accounts. They could be used, but then you are locking yourself to 2003, which is not good.

NO service that does not ABSOLUTELY NEED Local System should *EVER* run as Local System. One reason there are lots of security holes is far too many break this assumption. You should *always* run with least required privilege, and that is not Local System. If you need only local access, use a local account. If you need to map drives or access SMB resources outside the local machine, use a domain account with just the appropriate privileges.

Just because others do it wrong doesn't mean postgresql should. If you won't run as root on unix, don't do it on Windows. At least don't *require* it. And if started as local system, at least log a warning that this really is not a very good idea.

It is only slightly less of a hassle. Instead pre-package with installation program or a simple tool that will create a local account and assign it Login As Service permissions. You're sure to need to run as an administrator to install it anyway (otherwise, you can't add the service to the SCM), so no extra privs needed there.

> > Is there a decision on which platforms should be supported, other than
> > it's NT4+?
>
> Personally, I could care less if 95, 98, or ME are supported,
> and neither will the vast majority of win32 IT folks. IIRC,
> NT4 supports everything we need. I wouldn't worry about it
> too much.

Yeah, I'd say ignore the 9x line as well - it just lacks too much. The question is if NT4 needs to be supported, or if you can put the bar at Windows 2000. IMHO, NT4 should be supported if possible since there are still a *lot* of NT4 installations out there, but that's just me...

//Magnus
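
The two checks the message argues for, sketched as an added PowerShell example that is not part of the original post or of PostgreSQL: a startup self-check that warns when the process runs as Local System, and an audit of which installed services log on as Local System. The function names are hypothetical; the account-name patterns assume the usual `Win32_Service.StartName` spellings.

```powershell
# Added example (not from the original message). Function names are hypothetical.

function Get-ServiceAccountClass {
    param([string]$StartName)
    # StartName is empty for some services; report that instead of guessing.
    if ([string]::IsNullOrWhiteSpace($StartName)) { return 'Unknown' }
    switch -Regex ($StartName) {   # -Regex matching is case-insensitive by default
        '^(\.\\|NT AUTHORITY\\)?(LocalSystem|SYSTEM)$' { return 'LocalSystem' }
        '^NT AUTHORITY\\Local ?Service$'               { return 'LocalService' }
        '^NT AUTHORITY\\Network ?Service$'             { return 'NetworkService' }
        default                                        { return 'NamedAccount' }
    }
}

function Get-ServiceLogonAudit {
    # One row per installed service with its logon account and privilege class.
    Get-CimInstance -ClassName Win32_Service | ForEach-Object {
        [pscustomobject]@{
            Name      = $_.Name
            State     = $_.State
            StartMode = $_.StartMode
            Account   = $_.StartName
            Class     = Get-ServiceAccountClass $_.StartName
        }
    }
}

function Test-RunningAsLocalSystem {
    # Compare the current token's user SID with the well-known Local System SID.
    $sid = [System.Security.Principal.WindowsIdentity]::GetCurrent().User
    return $sid.IsWellKnown([System.Security.Principal.WellKnownSidType]::LocalSystemSid)
}

# Startup self-check: warn rather than refuse when started as Local System.
if (Test-RunningAsLocalSystem) {
    Write-Warning 'Running as Local System; use a dedicated low-privilege account instead.'
}

# Audit: count services per account class, then list auto-start Local System services.
$audit = Get-ServiceLogonAudit
$audit | Group-Object Class | Sort-Object Count -Descending |
    Format-Table Name, Count -AutoSize
$audit | Where-Object { $_.Class -eq 'LocalSystem' -and $_.StartMode -eq 'Auto' } |
    Sort-Object Name | Format-Table Name, State, Account -AutoSize
```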