Re: PostgreSQL Service on Windows does not start. ~ "is not a valid Win32 application"

Yes. It should not be installer issue as installer is using pg_ctl to
register and run the service on Windows. Thanks.

Best Regards,
Muhammad Asif Naeem

On Tue, Oct 29, 2013 at 9:57 AM, Sandeep Thakkar <
sandeep(dot)thakkar(at)enterprisedb(dot)com> wrote:

> So, this is not an installer issue. Is this bug raised to the PostgreSQL
> community? If yes, you should submit the patch there.
>
>
> On Tue, Oct 29, 2013 at 6:23 AM, Naoya Anzai <
> anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp> wrote:
>
>> Hi, Asif
>>
>> Thank you for providing my patch (pg_ctl.c.patch) to Sandeep on my behalf.
>>
>> > Good finding. I have attached another version of patch
>> (pg_ctl.c_windows_vulnerability.patch) attached that has fewer lines of
>> code changes, can you please take a look ?. Thanks.
>>
>> I think your patch is not sufficient to fix.
>> Not only "pg_ctl.exe" but "postgres.exe" also have the same problem.
>> Even if your patch is attached,
>> A Path of "postgres.exe" passed to CreateRestrictedProcess is not
>> enclosed in quotation.(See pgwin32_ServiceMain at pg_ctl.c)
>>
>> So, processing enclosed in quotation should do in both conditions.
>>
>> Regards,
>> Naoya
>>
>> ---
>> Naoya Anzai
>> Engineering Department
>> NEC Soft, Ltd.
>> E-Mail: anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp
>> ---
>>
>>
>> > Hi Sandeep,
>> >
>> > PFA Naoya's patch (pg_ctl.c.patch).
>> >
>> > Hi Naoya,
>> >
>> > Good finding. I have attached another version of patch
>> (pg_ctl.c_windows_vulnerability.patch) attached that has fewer lines of
>> code changes, can you please take a look ?. Thanks.
>> >
>> > Best Regards,
>> > Asif Naeem
>> >
>> >
>> > On Mon, Oct 28, 2013 at 4:46 PM, Sandeep Thakkar <
>> sandeep(dot)thakkar(at)enterprisedb(dot)com> wrote:
>> >
>> >
>> > Hi Dave
>> >
>> > We register the service using pg_ctl. When I manually executed
>> the following on the command prompt, I saw that the service path of the
>> registered service did not have the pg_ctl.exe path in quotes. May be it
>> should be handled in the pg_ctl code.
>> >
>> > c:\Users\Sandeep Thakkar\Documents>"c:\Program
>> Files\PostgreSQL\9.3\bin\pg_ctl.e
>> > xe" register -N "pg-9.3" -U "NT AUTHORITY\NetworkService" -D
>> "c:\Program Files\P
>> > ostgreSQL\9.3\data" -w
>> >
>> > Naoya, I could not find your patch here. Can you please share it
>> again?
>> >
>> >
>> >
>> > On Mon, Oct 28, 2013 at 2:53 PM, Dave Page <dpage(at)pgadmin(dot)org>
>> wrote:
>> >
>> >
>> > Sandeep, can you look at this please? Thanks.
>> >
>> > On Mon, Oct 28, 2013 at 8:18 AM, Asif Naeem <
>> anaeem(dot)it(at)gmail(dot)com> wrote:
>> > > It is related to windows unquoted service path
>> vulnerability in the the
>> > > installer that creates service path without quotes that
>> make service.exe to
>> > > look for undesirable path for executable.
>> > >
>> > > postgresql-9.3 service path :
>> C:/Users/asif/Desktop/Program
>> > > files/9.3/bin/pg_ctl.exe runservice -N "postgresql-9.3"
>> -D
>> > > "C:/Users/asif/Desktop/Program files/9.3/data" -w
>> > >
>> > > service.exe
>> > >>
>> > >> C:\Users\asif\Desktop\Program NAME NOT FOUND
>> > >> C:\Users\asif\Desktop\Program.exe NAME NOT FOUND
>> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe
>> ACCESS DENIED
>> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe
>> ACCESS DENIED
>> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe
>> runservice NAME
>> > >> NOT FOUND
>> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe
>> runservice.exe
>> > >> NAME NOT FOUND
>> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe
>> runservice -N
>> > >> NAME NOT FOUND
>> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe
>> runservice -N.exe
>> > >> NAME NOT FOUND
>> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe
>> runservice -N
>> > >> "postgresql-9.3" NAME INVALID
>> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe
>> runservice -N
>> > >> "postgresql-9.3".exe NAME INVALID
>> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe
>> runservice -N
>> > >> "postgresql-9.3" -D NAME INVALID
>> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe
>> runservice -N
>> > >> "postgresql-9.3" -D.exe NAME INVALID
>> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe
>> runservice -N
>> > >> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program
>> NAME INVALID
>> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe
>> runservice -N
>> > >> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program.exe
>> NAME INVALID
>> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe
>> runservice -N
>> > >> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program
>> files\9.3\data" NAME
>> > >> INVALID
>> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe
>> runservice -N
>> > >> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program
>> files\9.3\data".exe
>> > >> NAME INVALID
>> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe
>> runservice -N
>> > >> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program
>> files\9.3\data" -w
>> > >> NAME INVALID
>> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe
>> runservice -N
>> > >> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program
>> files\9.3\data" -w.exe
>> > >> NAME INVALID
>> > >
>> > >
>> > > Fix :
>> > >
>> > > postgresql-9.3 service path :
>> "C:/Users/asif/Desktop/Program
>> > > files/9.3/bin/pg_ctl.exe" runservice -N
>> "postgresql-9.3" -D
>> > > "C:/Users/asif/Desktop/Program files/9.3/data" -w
>> > >
>> > > It would be good if this is reported on pg installer
>> forum or security
>> > > forum. Thanks.
>> > >
>> > > Regards,
>> > > Asif Naeem
>> > >
>> > > On Mon, Oct 28, 2013 at 12:06 PM, Naoya Anzai
>> > > <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp> wrote:
>> > >>
>> > >> Hi, Asif.
>> > >>
>> > >> Thank you for response.
>> > >>
>> > >>
>> > >> > C:\Users\asif\Desktop\Program
>> files\9.3>"bin\pg_ctl" -D
>> > >> > "C:\Users\asif\Desktop\Program files\9.3\data1" -l
>> logfile start
>> > >> > server starting
>> > >>
>> > >> This failure does not occur by the command line.
>> > >> PostgreSQL needs to start by Windows Service.
>> > >>
>> > >> Additionally,In this case,
>> > >> A file "Program" needs to be exist at
>> "C:\Users\asif\Desktop\", and
>> > >> "postgres.exe" needs to be exist at
>> "C:\Users\asif\Desktop\Program
>> > >> files\9.3\bin".
>> > >> ------------
>> > >> C:\Users\asif\Desktop\Program files\9.3\bin>dir
>> > >> ...
>> > >> 4,435,456 postgres.exe
>> > >> 80,896 pg_ctl.exe
>> > >> ...
>> > >>
>> > >> C:\Users\asif\Desktopp>dir
>> > >> ...
>> > >> 0 Program
>> > >> <DIR> Program files
>> > >> ...
>> > >> ------------
>> > >>
>> > >> Regards,
>> > >> Naoya
>> > >>
>> > >> > Hi Naoya,
>> > >> >
>> > >> > I am not able to reproduce the problem. Do you mean
>> pg windows service
>> > >> > installed by installer is not working or bin\pg_ctl
>> binary is not accepting
>> > >> > spaces in the patch ?. Following worked for me i.e.
>> > >> >
>> > >> >
>> > >> > C:\Users\asif\Desktop\Program
>> files\9.3>"bin\pg_ctl" -D
>> > >> > "C:\Users\asif\Desktop\Program files\9.3\data1" -l
>> logfile start
>> > >> > server starting
>> > >> >
>> > >> >
>> > >> > Can you please share the exact steps ?. Thanks.
>> > >> >
>> > >> >
>> > >> > Regards,
>> > >> > Muhammad Asif Naeem
>> > >> >
>> > >> >
>> > >> >
>> > >> > On Mon, Oct 28, 2013 at 10:26 AM, Naoya Anzai
>> > >> > <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp> wrote:
>> > >> >
>> > >> >
>> > >> > Hi All,
>> > >> >
>> > >> > I have found a case that PostgreSQL Service
>> does not start.
>> > >> > When it happens, the following error appears.
>> > >> >
>> > >> > "is not a valid Win32 application"
>> > >> >
>> > >> > This failure occurs when the following
>> conditions are true.
>> > >> >
>> > >> > 1. There is "postgres.exe" in any directory
>> that contains a space,
>> > >> > such as "Program Files".
>> > >> >
>> > >> > e.g.)
>> > >> > C:\Program Files\PostgreSQL\bin\postgres.exe
>> > >> >
>> > >> > 2. A file using the first white space-delimited
>> > >> > tokens of that directory as the file name
>> exists,
>> > >> > and there is it in the same hierarchy.
>> > >> >
>> > >> > e.g.)
>> > >> > C:\Program //file
>> > >> >
>> > >> > "pg_ctl.exe" as PostgreSQL Service creates a
>> postgres
>> > >> > process using an absolute path which indicates
>> the
>> > >> > location of "postgres.exe",but the path is not
>> enclosed
>> > >> > in quotation.
>> > >> >
>> > >> > Therefore,if the above-mentioned conditions
>> are true,
>> > >> > CreateProcessAsUser(a Windows Function called
>> by pg_ctl.exe)
>> > >> > tries to create a process using the other file
>> such
>> > >> > as "Program", so the service fails to start.
>> > >> >
>> > >> > Accordingly, I think that the command path
>> should be
>> > >> > enclosed in quotation.
>> > >> >
>> > >> > I created a patch to fix this failure,
>> > >> > So could anyone confirm?
>> > >> >
>> > >> > Regards,
>> > >> >
>> > >> > Naoya
>> > >> >
>> > >> > ---
>> > >> > Naoya Anzai
>> > >> > Engineering Department
>> > >> > NEC Soft, Ltd.
>> > >> > E-Mail: anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp
>> > >> > ---
>> > >> >
>> > >> >
>> > >> > --
>> > >> > Sent via pgsql-hackers mailing list (
>> pgsql-hackers(at)postgresql(dot)org)
>> > >> > To make changes to your subscription:
>> > >> >
>> http://www.postgresql.org/mailpref/pgsql-hackers
>> > >> >
>> > >> >
>> > >> >
>> > >> >
>> > >> >>
>> >
>> >
>> > --
>> > Dave Page
>> > Blog: http://pgsnake.blogspot.com
>> > Twitter: @pgsnake
>> >
>> > EnterpriseDB UK: http://www.enterprisedb.com
>> > The Enterprise PostgreSQL Company
>> >
>> >
>> >
>> >
>> >
>> > --
>> >
>> > Sandeep Thakkar
>> > Senior Software Engineer
>> >
>> >
>> > Phone: +91.20.30589505 <tel:%2B91.20.30589505>
>> >
>> > Website: www.enterprisedb.com
>> > EnterpriseDB Blog: http://blogs.enterprisedb.com/
>> > Follow us on Twitter: http://www.twitter.com/enterprisedb
>> >
>> >
>> >
>> >
>> >
>> >
>>
>>
>>
>>
>
>
> --
> Sandeep Thakkar
> Senior Software Engineer
>
>
> Phone: +91.20.30589505
>
>
> Website: www.enterprisedb.com
> EnterpriseDB Blog: http://blogs.enterprisedb.com/
> Follow us on Twitter: http://www.twitter.com/enterprisedb
>
>