Participants
dror
dror
Attachments

No attachments in this thread

Thread Outline
#1drordror
Aug 15, 2006
#2drordrorto dror (#1)
Aug 15, 2006

Re: [HACKERS] [Patch] - Fix for bug #2558, InitDB failed

Started by drorover 19 years ago2 messages
#1dror
dror
dror_b@hotmail.com

Hi All,

I agree with all of you that it is strange behavior, more then that :
On two win 2003 machines with the same SP and last hot fixes, on one the nul device is accessible by non admin user and on other it is not.
I also agree that the source of the problem might be something that effect the OS configuration (as a virus scanner for example).
The source of the problem and the right diagnostic is important, but right now we have problem (unknown) with the nul device on some of the system.
I don't see any risk with canceling the redirection nor with open a log file (with permission to the postgres user), if a commercial DB, as EnterpriseDB, choose this solution (Log file) I don't see any reason why not to do the same.

Does anyone know why EnterpriseDB changed the nul redirection?

Regards
Dror

Date: Tue, 15 Aug 2006 11:37:30 +0200> From: pgadmin@pse-consulting.de> To: tgl@sss.pgh.pa.us> CC: pgsql-hackers@postgresql.org; andrew@dunslane.net; pgsql-patches@postgresql.org> Subject: Re: [HACKERS] [PATCHES] [Patch] - Fix for bug #2558, InitDB failed to run> > Tom Lane wrote:> > Andrew Dunstan <andrew@dunslane.net> writes:> > > >> I am more than somewhat perplexed as to why the NUL device should be a> >> security risk ... what are they thinking??> >> > >> > Frankly, I don't believe it; even Microsoft can't be that stupid.> > And I can't find any suggestion that they've done this in a google> > search. I think the OP is misdiagnosing his problem.> > > An older message suggests that a service pack induced this problem, per> MS. I just tried it as non-admin on a W2K3 machine with recent hotfixes,> and the command "dir >nul" _did_ work for me.> Though neglected, it still sounds like a virus scanner issue to me.> > Regards,> Andreas> > > ---------------------------(end of broadcast)---------------------------> TIP 3: Have you checked our extensive FAQ?> > http://www.postgresql.org/docs/faq

_________________________________________________________________
Try Live.com: where your online world comes together - with news, sports, weather, and much more.
http://www.live.com/getstarted

#2dror
dror
dror_b@hotmail.com
In reply to: dror (#1)
Re: [PATCHES] [Patch] - Fix for bug #2558, InitDB failed

In addition to Andreas respond:
1+2) Currently the initDB is used the tmp folder to write other "Helper files" that are deleted afterwards.

The fix is suggested only for win machines ,I think that redirection is more risky (as we saw with this bug) than to do redirect output to a log file that you created and control it ,you gave the permission to and know exactly what its status (even if the reason is that some virus scanner or any other software blocked access to one device or another).
But, I suggest a new improvement:
Check the status and if the command failed than run it without redirection at all, (actually no redirection is needed in this case , you can always run the process in silent mode).

The interesting question that didn't get any answer yet is:
Why EnterpriseDB (which is based on postgress) find it important to change the redirection?Regards
Dror,

Date: Tue, 15 Aug 2006 19:10:27 +0200> From: pgadmin@pse-consulting.de> To: tgl@sss.pgh.pa.us> CC: bruce@momjian.us; pgsql-hackers@postgresql.org; andrew@dunslane.net> Subject: Re: [HACKERS] [PATCHES] [Patch] - Fix for bug #2558, InitDB failed to run> > Tom Lane wrote:> > Andreas Pflug <pgadmin@pse-consulting.de> writes:> > > >> what issues might arise if the output is redirected to a legal tmp file?> >> > >> > Well, (1) finding a place to put the temp file, ie a writable directory;> > (2) ensuring the file is removed afterwards; (3) not exposing the user> > to security hazards due to unsafe use of a temp file (ye olde> > overwrite-a-symlink risk). Perhaps a few more I didn't think of.> > > > AFAICS all DEVNULL usages result from redirecting postmaster's output,> which usually goes to $DATADIR/serverlog at runtime. If this would be> used here too, (1) is as safe as any $DATADIR, (2) is as safe as> cleaning up after failure usually is, (3) can't happen because the> directory is checked to be empty before initdb anyway. Additionally,> there's might be cases when a meaningful logfile from initdb is> desirable too. So why no redirection to initlog or so?> > Regards,> Andreas> > > > ---------------------------(end of broadcast)---------------------------> TIP 6: explain analyze is your friend

_________________________________________________________________
Try Live.com: where your online world comes together - with news, sports, weather, and much more.
http://www.live.com/getstarted

Import Notes
Resolved by subject fallback
← Back to Topics