Re: R?f. : RE: Running PostGre on DVD

> > > Ah, now we are making progress. If there was a way to
> give up file
> > > access permissions so you could no longer write files to,
> say, the
> > > Windows System directory, this would go a long way to solving the
> > > issue. Currently, if the Postmaster runs as admin, anyone with
> > > access to the database could use COPY to read and write
> any file the
> > > backend can access.
> >
> > Getting rid of the admin and powerusers group should do
> that, I think.
>
> Look at pgwin32_is_admin(), it just checks if the user is
> member of one of those two groups. I think we have your
> solution right here...

Oh, I know - I wrote it :-)

You still lose in the nested group scenario.

And whlie a privilege like backup/restore can be used to overwrite any
file on the system, you must be able to execute arbitrary API calls to
do that. Whereas with admin/powerusers you can just use COPY or
whatever.

Bottom line is that pgwin32_is_admin() is far from perfect, it just
catches the most common scenarios.

//Magnus