Re: PostgreSQL Service on Windows does not start. ~ "is not a valid Win32 application"

Hi Sandeep,

PFA Naoya's patch (pg_ctl.c.patch).

Hi Naoya,

Good finding. I have attached another version of patch
(pg_ctl.c_windows_vulnerability.patch) attached that has fewer lines of
code changes, can you please take a look ?. Thanks.

Best Regards,
Asif Naeem

On Mon, Oct 28, 2013 at 4:46 PM, Sandeep Thakkar <
sandeep(dot)thakkar(at)enterprisedb(dot)com> wrote:

> Hi Dave
>
> We register the service using pg_ctl. When I manually executed the
> following on the command prompt, I saw that the service path of the
> registered service did not have the pg_ctl.exe path in quotes. May be it
> should be handled in the pg_ctl code.
>
> *c:\Users\Sandeep Thakkar\Documents>*"c:\Program
> Files\PostgreSQL\9.3\bin\pg_ctl.e
> xe" register -N "pg-9.3" -U "NT AUTHORITY\NetworkService" -D "c:\Program
> Files\P
> ostgreSQL\9.3\data" -w
>
> Naoya, I could not find your patch here. Can you please share it again?
>
>
>
> On Mon, Oct 28, 2013 at 2:53 PM, Dave Page <dpage(at)pgadmin(dot)org> wrote:
>
>> Sandeep, can you look at this please? Thanks.
>>
>> On Mon, Oct 28, 2013 at 8:18 AM, Asif Naeem <anaeem(dot)it(at)gmail(dot)com> wrote:
>> > It is related to windows unquoted service path vulnerability in the the
>> > installer that creates service path without quotes that make
>> service.exe to
>> > look for undesirable path for executable.
>> >
>> > postgresql-9.3 service path : C:/Users/asif/Desktop/Program
>> > files/9.3/bin/pg_ctl.exe runservice -N "postgresql-9.3" -D
>> > "C:/Users/asif/Desktop/Program files/9.3/data" -w
>> >
>> > service.exe
>> >>
>> >> C:\Users\asif\Desktop\Program NAME NOT FOUND
>> >> C:\Users\asif\Desktop\Program.exe NAME NOT FOUND
>> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe ACCESS
>> DENIED
>> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe ACCESS
>> DENIED
>> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice
>> NAME
>> >> NOT FOUND
>> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice.exe
>> >> NAME NOT FOUND
>> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
>> >> NAME NOT FOUND
>> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice
>> -N.exe
>> >> NAME NOT FOUND
>> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
>> >> "postgresql-9.3" NAME INVALID
>> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
>> >> "postgresql-9.3".exe NAME INVALID
>> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
>> >> "postgresql-9.3" -D NAME INVALID
>> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
>> >> "postgresql-9.3" -D.exe NAME INVALID
>> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
>> >> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program NAME INVALID
>> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
>> >> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program.exe NAME INVALID
>> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
>> >> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program files\9.3\data"
>> NAME
>> >> INVALID
>> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
>> >> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program files\9.3\data".exe
>> >> NAME INVALID
>> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
>> >> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program files\9.3\data" -w
>> >> NAME INVALID
>> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
>> >> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program files\9.3\data"
>> -w.exe
>> >> NAME INVALID
>> >
>> >
>> > Fix :
>> >
>> > postgresql-9.3 service path : "C:/Users/asif/Desktop/Program
>> > files/9.3/bin/pg_ctl.exe" runservice -N "postgresql-9.3" -D
>> > "C:/Users/asif/Desktop/Program files/9.3/data" -w
>> >
>> > It would be good if this is reported on pg installer forum or security
>> > forum. Thanks.
>> >
>> > Regards,
>> > Asif Naeem
>> >
>> > On Mon, Oct 28, 2013 at 12:06 PM, Naoya Anzai
>> > <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp> wrote:
>> >>
>> >> Hi, Asif.
>> >>
>> >> Thank you for response.
>> >>
>> >>
>> >> > C:\Users\asif\Desktop\Program files\9.3>"bin\pg_ctl" -D
>> >> > "C:\Users\asif\Desktop\Program files\9.3\data1" -l logfile start
>> >> > server starting
>> >>
>> >> This failure does not occur by the command line.
>> >> PostgreSQL needs to start by Windows Service.
>> >>
>> >> Additionally,In this case,
>> >> A file "Program" needs to be exist at "C:\Users\asif\Desktop\", and
>> >> "postgres.exe" needs to be exist at "C:\Users\asif\Desktop\Program
>> >> files\9.3\bin".
>> >> ------------
>> >> C:\Users\asif\Desktop\Program files\9.3\bin>dir
>> >> ...
>> >> 4,435,456 postgres.exe
>> >> 80,896 pg_ctl.exe
>> >> ...
>> >>
>> >> C:\Users\asif\Desktopp>dir
>> >> ...
>> >> 0 Program
>> >> <DIR> Program files
>> >> ...
>> >> ------------
>> >>
>> >> Regards,
>> >> Naoya
>> >>
>> >> > Hi Naoya,
>> >> >
>> >> > I am not able to reproduce the problem. Do you mean pg windows
>> service
>> >> > installed by installer is not working or bin\pg_ctl binary is not
>> accepting
>> >> > spaces in the patch ?. Following worked for me i.e.
>> >> >
>> >> >
>> >> > C:\Users\asif\Desktop\Program files\9.3>"bin\pg_ctl" -D
>> >> > "C:\Users\asif\Desktop\Program files\9.3\data1" -l logfile start
>> >> > server starting
>> >> >
>> >> >
>> >> > Can you please share the exact steps ?. Thanks.
>> >> >
>> >> >
>> >> > Regards,
>> >> > Muhammad Asif Naeem
>> >> >
>> >> >
>> >> >
>> >> > On Mon, Oct 28, 2013 at 10:26 AM, Naoya Anzai
>> >> > <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp> wrote:
>> >> >
>> >> >
>> >> > Hi All,
>> >> >
>> >> > I have found a case that PostgreSQL Service does not start.
>> >> > When it happens, the following error appears.
>> >> >
>> >> > "is not a valid Win32 application"
>> >> >
>> >> > This failure occurs when the following conditions are true.
>> >> >
>> >> > 1. There is "postgres.exe" in any directory that contains a
>> space,
>> >> > such as "Program Files".
>> >> >
>> >> > e.g.)
>> >> > C:\Program Files\PostgreSQL\bin\postgres.exe
>> >> >
>> >> > 2. A file using the first white space-delimited
>> >> > tokens of that directory as the file name exists,
>> >> > and there is it in the same hierarchy.
>> >> >
>> >> > e.g.)
>> >> > C:\Program //file
>> >> >
>> >> > "pg_ctl.exe" as PostgreSQL Service creates a postgres
>> >> > process using an absolute path which indicates the
>> >> > location of "postgres.exe",but the path is not enclosed
>> >> > in quotation.
>> >> >
>> >> > Therefore,if the above-mentioned conditions are true,
>> >> > CreateProcessAsUser(a Windows Function called by pg_ctl.exe)
>> >> > tries to create a process using the other file such
>> >> > as "Program", so the service fails to start.
>> >> >
>> >> > Accordingly, I think that the command path should be
>> >> > enclosed in quotation.
>> >> >
>> >> > I created a patch to fix this failure,
>> >> > So could anyone confirm?
>> >> >
>> >> > Regards,
>> >> >
>> >> > Naoya
>> >> >
>> >> > ---
>> >> > Naoya Anzai
>> >> > Engineering Department
>> >> > NEC Soft, Ltd.
>> >> > E-Mail: anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp
>> >> > ---
>> >> >
>> >> >
>> >> > --
>> >> > Sent via pgsql-hackers mailing list (
>> pgsql-hackers(at)postgresql(dot)org)
>> >> > To make changes to your subscription:
>> >> > http://www.postgresql.org/mailpref/pgsql-hackers
>> >> >
>> >> >
>> >> >
>> >> >
>> >> >
>> >>
>> >> 以上、よろしくお願い致します。
>> >>
>> >> --------------------------------------------------------
>> >> NECソフト株式会社
>> >> PFシステム事業部 テーマソフト開発G
>> >> 安西 直也
>> >>
>> >> 外線(03)5534-2353
>> >> 内線(8)57-40364
>> >> Mail:NES-N2363
>> >> E-mail:anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp
>> >> --------------------------------------------------------
>> >> ≪本メールの取り扱い≫
>> >> ・区分：秘密
>> >> ・開示：必要最小限で可
>> >> ・持出：禁止
>> >> ・期限：無期限
>> >> ・用済後：廃棄
>> >>
>> >>
>> >>
>>
>>
>>
>> --
>> Dave Page
>> Blog: http://pgsnake.blogspot.com
>> Twitter: @pgsnake
>>
>> EnterpriseDB UK: http://www.enterprisedb.com
>> The Enterprise PostgreSQL Company
>>
>
>
>
> --
> Sandeep Thakkar
> Senior Software Engineer
>
>
> Phone: +91.20.30589505
>
> Website: www.enterprisedb.com
> EnterpriseDB Blog: http://blogs.enterprisedb.com/
> Follow us on Twitter: http://www.twitter.com/enterprisedb
>
>
>