Re: Re: BUG #13755: pgwin32_is_service not checking if SECURITY_SERVICE_SID is disabled

On Tue, Nov 22, 2016 at 1:58 PM, Tsunakawa, Takayuki
<tsunakawa.takay@jp.fujitsu.com> wrote:
> From: Craig Ringer [mailto:craig@2ndquadrant.com]
>> You meant CheckTokenMembership().
>
> Yes, my typo in the mail.
>
>> The proposed patch does need to be checked with:
>
> I understood you meant by "refuse to run" that postgres.exe fails to start below.  Yes, I checked it on Win10.  I
don'thave access to WinXP/2003 - Microsoft ended their support.
 
>
>         if (pgwin32_is_admin())
>         {
>                 write_stderr("Execution of PostgreSQL by a user with administrative permissions is not\n"
>                                          "permitted.\n"
>                                          "The server must be started under an unprivileged user ID to prevent\n"
>                  "possible system security compromises.  See the documentation for\n"
>                                   "more information on how to properly start the server.\n");
>                 exit(1);
>         }

I have moved that to next CF. The refactoring patch needs more testing
but the basic fix patch could be applied.
-- 
Michael