PostgreSQL Service on Windows does not start. ~ "is not a valid Win32 application"

Lists: pgsql-hackers
From: Naoya Anzai <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp>
To: "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Cc: Akio Iwaasa <iwaasa(at)mxs(dot)nes(dot)nec(dot)co(dot)jp>
Subject: PostgreSQL Service on Windows does not start. ~ "is not a valid Win32 application"
Date: 2013-10-28 05:26:58
Message-ID: 116262CF971C844FB6E793F8809B51C6B2C488@BPXM02GP.gisp.nec.co.jp

Hi All,

I have found a case where the PostgreSQL service does not start.
When it happens, the following error appears.

"is not a valid Win32 application"

This failure occurs when the following conditions are true.

1. "postgres.exe" is in a directory whose path contains a space,
such as "Program Files".

e.g.)
C:\Program Files\PostgreSQL\bin\postgres.exe

2. A file whose name is the first whitespace-delimited
token of that directory path exists
at the same level of the hierarchy.

e.g.)
C:\Program //file

"pg_ctl.exe", running as the PostgreSQL service, creates a postgres
process using an absolute path which indicates the
location of "postgres.exe", but the path is not enclosed
in quotation marks.

Therefore, if the above-mentioned conditions are true,
CreateProcessAsUser (a Windows function called by pg_ctl.exe)
tries to create a process using the other file, such
as "Program", so the service fails to start.

Accordingly, I think that the command path should be
enclosed in quotation marks.

I created a patch to fix this failure,
so could anyone confirm?

Regards,

Naoya

---
Naoya Anzai
Engineering Department
NEC Soft, Ltd.
E-Mail: anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp
---

Attachment Content-Type Size
pg_ctl.c.patch application/octet-stream 1.1 KB

From: Asif Naeem <anaeem(dot)it(at)gmail(dot)com>
To: Naoya Anzai <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp>
Cc: "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, Akio Iwaasa <iwaasa(at)mxs(dot)nes(dot)nec(dot)co(dot)jp>
Subject: Re: PostgreSQL Service on Windows does not start. ~ "is not a valid Win32 application"
Date: 2013-10-28 06:00:50
Message-ID: CAEB4t-ND-oA_eGF+KhMhOqvSD1+g_k=3hN=kOigii81k74DFuw@mail.gmail.com

Hi Naoya,

I am not able to reproduce the problem. Do you mean the pg Windows service
installed by the installer is not working, or that the bin\pg_ctl binary is not
accepting spaces in the patch? The following worked for me:

C:\Users\asif\Desktop\Program files\9.3>"bin\pg_ctl" -D "C:\Users\asif\Desktop\Program files\9.3\data1" -l logfile start
server starting

Can you please share the exact steps? Thanks.

Regards,
Muhammad Asif Naeem


From: Naoya Anzai <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp>
To: Asif Naeem <anaeem(dot)it(at)gmail(dot)com>
Cc: "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, Akio Iwaasa <iwaasa(at)mxs(dot)nes(dot)nec(dot)co(dot)jp>
Subject: Re: PostgreSQL Service on Windows does not start. ~ "is not a valid Win32 application"
Date: 2013-10-28 07:06:34
Message-ID: 116262CF971C844FB6E793F8809B51C6B2C546@BPXM02GP.gisp.nec.co.jp

Hi, Asif.

Thank you for your response.

> C:\Users\asif\Desktop\Program files\9.3>"bin\pg_ctl" -D "C:\Users\asif\Desktop\Program files\9.3\data1" -l logfile start
> server starting

This failure does not occur from the command line.
PostgreSQL needs to be started as a Windows service.

Additionally, in this case,
a file "Program" needs to exist at "C:\Users\asif\Desktop\", and
"postgres.exe" needs to exist at "C:\Users\asif\Desktop\Program files\9.3\bin".
------------
C:\Users\asif\Desktop\Program files\9.3\bin>dir
...
4,435,456 postgres.exe
80,896 pg_ctl.exe
...

C:\Users\asif\Desktop>dir
...
0 Program
<DIR> Program files
...
------------

Regards,
Naoya

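That is all. Thank you in advance.

--------------------------------------------------------
NEC Soft, Ltd.
PF Systems Division, Theme Software Development Group
Naoya Anzai

Outside line: (03)5534-2353
Extension: (8)57-40364
Mail: NES-N2363
E-mail: anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp
--------------------------------------------------------
<<Handling of this e-mail>>
- Classification: Confidential
- Disclosure: Permitted to the minimum extent necessary
- Removal: Prohibited
- Retention period: Indefinite
- After use: Discard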


From: Asif Naeem <anaeem(dot)it(at)gmail(dot)com>
To: Naoya Anzai <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp>
Cc: "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, Akio Iwaasa <iwaasa(at)mxs(dot)nes(dot)nec(dot)co(dot)jp>
Subject: Re: PostgreSQL Service on Windows does not start. ~ "is not a valid Win32 application"
Date: 2013-10-28 08:18:53
Message-ID: CAEB4t-MF9=tcjwTP55-3Fk62RZ1s2OQk6D5Ap22Tto34SiZKow@mail.gmail.com

It is related to the Windows unquoted service path vulnerability in the
installer, which creates the service path without quotes; that makes
service.exe look for the executable at undesirable paths.

postgresql-9.3 service path : C:/Users/asif/Desktop/Program files/9.3/bin/pg_ctl.exe runservice -N "postgresql-9.3" -D "C:/Users/asif/Desktop/Program files/9.3/data" -w

service.exe

> C:\Users\asif\Desktop\Program NAME NOT FOUND
> C:\Users\asif\Desktop\Program.exe NAME NOT FOUND
> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe ACCESS DENIED
> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe ACCESS DENIED
> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice NAME NOT FOUND
> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice.exe NAME NOT FOUND
> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N NAME NOT FOUND
> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N.exe NAME NOT FOUND
> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N "postgresql-9.3" NAME INVALID
> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N "postgresql-9.3".exe NAME INVALID
> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N "postgresql-9.3" -D NAME INVALID
> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N "postgresql-9.3" -D.exe NAME INVALID
> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N "postgresql-9.3" -D "C:\Users\asif\Desktop\Program NAME INVALID
> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N "postgresql-9.3" -D "C:\Users\asif\Desktop\Program.exe NAME INVALID
> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N "postgresql-9.3" -D "C:\Users\asif\Desktop\Program files\9.3\data" NAME INVALID
> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N "postgresql-9.3" -D "C:\Users\asif\Desktop\Program files\9.3\data".exe NAME INVALID
> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N "postgresql-9.3" -D "C:\Users\asif\Desktop\Program files\9.3\data" -w NAME INVALID
> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N "postgresql-9.3" -D "C:\Users\asif\Desktop\Program files\9.3\data" -w.exe NAME INVALID

Fix :

postgresql-9.3 service path : "C:/Users/asif/Desktop/Program files/9.3/bin/pg_ctl.exe" runservice -N "postgresql-9.3" -D "C:/Users/asif/Desktop/Program files/9.3/data" -w

It would be good if this is reported on pg installer forum or security
forum. Thanks.

Regards,
Asif Naeem
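
The probing order in the trace above and the effect of quoting the image path, as an added example that is not part of the original thread and is not pg_ctl code. It is a simplified model in portable C: the function names and the in-memory file list are assumptions made for illustration, and the paths are the ones quoted in the thread.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_LEN  512
#define MAX_CAND 32

/* Constructed sample data, using the paths quoted in the thread. */
#define IMAGE "C:\\Users\\asif\\Desktop\\Program files\\9.3\\bin\\pg_ctl.exe"
#define ARGS  "runservice -N \"postgresql-9.3\" -D " \
              "\"C:\\Users\\asif\\Desktop\\Program files\\9.3\\data\" -w"
static const char *const SAMPLE_FILES[] = {
    "C:\\Users\\asif\\Desktop\\Program",   /* the stray file from the report */
    IMAGE
};

/* Case-insensitive comparison of n bytes (Windows file names ignore case). */
static int ieq_n(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char) a[i]) != tolower((unsigned char) b[i]))
            return 0;
    return 1;
}

/*
 * Hypothetical helper: list the image paths probed for a command line, in
 * order. A leading quoted token gives exactly one candidate. An unquoted
 * line gives, at every space and at the end of the string, the prefix and
 * then prefix + ".exe" (skipped when the prefix already ends in ".exe").
 * Returns the number of candidates written to out[].
 */
size_t image_candidates(const char *cmd, char out[][MAX_LEN], size_t max)
{
    size_t n = 0, len = strlen(cmd);

    if (cmd[0] == '"') {
        const char *end = strchr(cmd + 1, '"');
        size_t plen = end ? (size_t) (end - cmd) - 1 : len - 1;
        if (max == 0 || plen >= MAX_LEN)
            return 0;
        memcpy(out[0], cmd + 1, plen);
        out[0][plen] = '\0';
        return 1;
    }
    for (size_t i = 1; i <= len; i++) {
        if ((cmd[i] != ' ' && cmd[i] != '\0') || cmd[i - 1] == ' ')
            continue;                   /* not a token boundary */
        if (i + 5 > MAX_LEN || n + 2 > max)
            break;                      /* no room for prefix + ".exe" */
        memcpy(out[n], cmd, i);
        out[n++][i] = '\0';
        if (i >= 4 && ieq_n(cmd + i - 4, ".exe", 4))
            continue;                   /* already names an .exe */
        memcpy(out[n], cmd, i);
        strcpy(out[n++] + i, ".exe");
    }
    return n;
}

/* Return the first candidate present in the given file list, or NULL. */
const char *resolve_image(const char *cmd, const char *const files[],
                          size_t nfiles)
{
    static char cand[MAX_CAND][MAX_LEN];
    size_t n = image_candidates(cmd, cand, MAX_CAND);

    for (size_t i = 0; i < n; i++)
        for (size_t j = 0; j < nfiles; j++)
            if (strlen(cand[i]) == strlen(files[j]) &&
                ieq_n(cand[i], files[j], strlen(files[j])))
                return files[j];
    return NULL;
}

/* Build the corrected command line: quoted image path, then the arguments.
 * Returns 0 on success, -1 if the result does not fit in buf. */
int build_quoted_cmdline(char *buf, size_t size, const char *image,
                         const char *args)
{
    int w = snprintf(buf, size, "\"%s\" %s", image, args);
    return (w < 0 || (size_t) w >= size) ? -1 : 0;
}

int main(void)
{
    char fixed[MAX_LEN];

    /* Unquoted: the stray "Program" file is found before pg_ctl.exe. */
    printf("unquoted -> %s\n", resolve_image(IMAGE " " ARGS, SAMPLE_FILES, 2));
    /* Quoted: only the intended image path is considered. */
    if (build_quoted_cmdline(fixed, sizeof fixed, IMAGE, ARGS) == 0)
        printf("quoted   -> %s\n", resolve_image(fixed, SAMPLE_FILES, 2));
    return 0;
}
```
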



From: Dave Page <dpage(at)pgadmin(dot)org>
To: Asif Naeem <anaeem(dot)it(at)gmail(dot)com>, Sandeep Thakkar <sandeep(dot)thakkar(at)enterprisedb(dot)com>
Cc: Naoya Anzai <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, Akio Iwaasa <iwaasa(at)mxs(dot)nes(dot)nec(dot)co(dot)jp>
Subject: Re: PostgreSQL Service on Windows does not start. ~ "is not a valid Win32 application"
Date: 2013-10-28 09:23:58
Message-ID: CA+OCxoy0RL1JrPnHQUw7YnC6UmsnhdNA+xMaCLjsHY4uc0HRRw@mail.gmail.com

Sandeep, can you look at this please? Thanks.


--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company


From: Sandeep Thakkar <sandeep(dot)thakkar(at)enterprisedb(dot)com>
To: Dave Page <dpage(at)pgadmin(dot)org>
Cc: Asif Naeem <anaeem(dot)it(at)gmail(dot)com>, Naoya Anzai <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, Akio Iwaasa <iwaasa(at)mxs(dot)nes(dot)nec(dot)co(dot)jp>
Subject: Re: PostgreSQL Service on Windows does not start. ~ "is not a valid Win32 application"
Date: 2013-10-28 11:46:41
Message-ID: CANFyU97F-9dWyykdP1sRs5aB4U-zN03JJpX6-zGGXnRZRYHGNA@mail.gmail.com

Hi Dave

We register the service using pg_ctl. When I manually executed the
following on the command prompt, I saw that the service path of the
registered service did not have the pg_ctl.exe path in quotes. Maybe it
should be handled in the pg_ctl code.

c:\Users\Sandeep Thakkar\Documents>"c:\Program Files\PostgreSQL\9.3\bin\pg_ctl.exe" register -N "pg-9.3" -U "NT AUTHORITY\NetworkService" -D "c:\Program Files\PostgreSQL\9.3\data" -w

Naoya, I could not find your patch here. Can you please share it again?


--
Sandeep Thakkar
Senior Software Engineer

Phone: +91.20.30589505

Website: www.enterprisedb.com
EnterpriseDB Blog: http://blogs.enterprisedb.com/
Follow us on Twitter: http://www.twitter.com/enterprisedb


From: Asif Naeem <asif(dot)naeem(at)enterprisedb(dot)com>
To: Sandeep Thakkar <sandeep(dot)thakkar(at)enterprisedb(dot)com>
Cc: Dave Page <dpage(at)pgadmin(dot)org>, Asif Naeem <anaeem(dot)it(at)gmail(dot)com>, Naoya Anzai <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, Akio Iwaasa <iwaasa(at)mxs(dot)nes(dot)nec(dot)co(dot)jp>
Subject: Re: PostgreSQL Service on Windows does not start. ~ "is not a valid Win32 application"
Date: 2013-10-28 21:08:25
Message-ID: CACDUQd-7gn2+YY5P4A_d_XYgMvM+UoYYNJ3oQ8PhHgHmsGVrmQ@mail.gmail.com

Hi Sandeep,

PFA Naoya's patch (pg_ctl.c.patch).

Hi Naoya,

Good finding. I have attached another version of the patch
(pg_ctl.c_windows_vulnerability.patch) that has fewer lines of
code changes; can you please take a look? Thanks.

Best Regards,
Asif Naeem

>> >> NAME INVALID
>> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
>> >> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program files\9.3\data"
>> -w.exe
>> >> NAME INVALID
>> >
>> >
>> > Fix :
>> >
>> > postgresql-9.3 service path : "C:/Users/asif/Desktop/Program
>> > files/9.3/bin/pg_ctl.exe" runservice -N "postgresql-9.3" -D
>> > "C:/Users/asif/Desktop/Program files/9.3/data" -w
>> >
>> > It would be good if this is reported on pg installer forum or security
>> > forum. Thanks.
>> >
>> > Regards,
>> > Asif Naeem
>> >
>> > On Mon, Oct 28, 2013 at 12:06 PM, Naoya Anzai
>> > <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp> wrote:
>> >>
>> >> Hi, Asif.
>> >>
>> >> Thank you for response.
>> >>
>> >>
>> >> > C:\Users\asif\Desktop\Program files\9.3>"bin\pg_ctl" -D
>> >> > "C:\Users\asif\Desktop\Program files\9.3\data1" -l logfile start
>> >> > server starting
>> >>
>> >> This failure does not occur by the command line.
>> >> PostgreSQL needs to start by Windows Service.
>> >>
>> >> Additionally,In this case,
>> >> A file "Program" needs to be exist at "C:\Users\asif\Desktop\", and
>> >> "postgres.exe" needs to be exist at "C:\Users\asif\Desktop\Program
>> >> files\9.3\bin".
>> >> ------------
>> >> C:\Users\asif\Desktop\Program files\9.3\bin>dir
>> >> ...
>> >> 4,435,456 postgres.exe
>> >> 80,896 pg_ctl.exe
>> >> ...
>> >>
>> >> C:\Users\asif\Desktopp>dir
>> >> ...
>> >> 0 Program
>> >> <DIR> Program files
>> >> ...
>> >> ------------
>> >>
>> >> Regards,
>> >> Naoya
>> >>
>> >> > Hi Naoya,
>> >> >
>> >> > I am not able to reproduce the problem. Do you mean pg windows
>> service
>> >> > installed by installer is not working or bin\pg_ctl binary is not
>> accepting
>> >> > spaces in the patch ?. Following worked for me i.e.
>> >> >
>> >> >
>> >> > C:\Users\asif\Desktop\Program files\9.3>"bin\pg_ctl" -D
>> >> > "C:\Users\asif\Desktop\Program files\9.3\data1" -l logfile start
>> >> > server starting
>> >> >
>> >> >
>> >> > Can you please share the exact steps ?. Thanks.
>> >> >
>> >> >
>> >> > Regards,
>> >> > Muhammad Asif Naeem
>> >> >
>> >> >
>> >> >
>> >> > On Mon, Oct 28, 2013 at 10:26 AM, Naoya Anzai
>> >> > <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp> wrote:
>> >> >
>> >> >
>> >> > Hi All,
>> >> >
>> >> > I have found a case that PostgreSQL Service does not start.
>> >> > When it happens, the following error appears.
>> >> >
>> >> > "is not a valid Win32 application"
>> >> >
>> >> > This failure occurs when the following conditions are true.
>> >> >
>> >> > 1. There is "postgres.exe" in any directory that contains a
>> space,
>> >> > such as "Program Files".
>> >> >
>> >> > e.g.)
>> >> > C:\Program Files\PostgreSQL\bin\postgres.exe
>> >> >
>> >> > 2. A file using the first white space-delimited
>> >> > tokens of that directory as the file name exists,
>> >> > and there is it in the same hierarchy.
>> >> >
>> >> > e.g.)
>> >> > C:\Program //file
>> >> >
>> >> > "pg_ctl.exe" as PostgreSQL Service creates a postgres
>> >> > process using an absolute path which indicates the
>> >> > location of "postgres.exe",but the path is not enclosed
>> >> > in quotation.
>> >> >
>> >> > Therefore,if the above-mentioned conditions are true,
>> >> > CreateProcessAsUser(a Windows Function called by pg_ctl.exe)
>> >> > tries to create a process using the other file such
>> >> > as "Program", so the service fails to start.
>> >> >
>> >> > Accordingly, I think that the command path should be
>> >> > enclosed in quotation.
>> >> >
>> >> > I created a patch to fix this failure,
>> >> > So could anyone confirm?
>> >> >
>> >> > Regards,
>> >> >
>> >> > Naoya
>> >> >
>> >> > ---
>> >> > Naoya Anzai
>> >> > Engineering Department
>> >> > NEC Soft, Ltd.
>> >> > E-Mail: anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp
>> >> > ---
>> >> >
>> >> >
>> >> > --
>> >> > Sent via pgsql-hackers mailing list (
>> pgsql-hackers(at)postgresql(dot)org)
>> >> > To make changes to your subscription:
>> >> > http://www.postgresql.org/mailpref/pgsql-hackers
>> >> >
>> >> >
>> >> >
>> >> >
>> >> >
>> >>
>> >> Best regards.
>> >>
>> >> --------------------------------------------------------
>> >> NEC Soft, Ltd.
>> >> PF Systems Division, Theme Software Development Group
>> >> Naoya Anzai
>> >>
>> >> External line: (03) 5534-2353
>> >> Extension: (8) 57-40364
>> >> Mail:NES-N2363
>> >> E-mail:anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp
>> >> --------------------------------------------------------
>> >> << Handling of this e-mail >>
>> >> - Classification: Confidential
>> >> - Disclosure: permitted to the minimum extent necessary
>> >> - Removal: prohibited
>> >> - Time limit: indefinite
>> >> - After use: discard
>> >>
>> >>
>> >>
>>
>>
>>
>> --
>> Dave Page
>> Blog: http://pgsnake.blogspot.com
>> Twitter: @pgsnake
>>
>> EnterpriseDB UK: http://www.enterprisedb.com
>> The Enterprise PostgreSQL Company
>>
>
>
>
> --
> Sandeep Thakkar
> Senior Software Engineer
>
>
> Phone: +91.20.30589505
>
> Website: www.enterprisedb.com
> EnterpriseDB Blog: http://blogs.enterprisedb.com/
> Follow us on Twitter: http://www.twitter.com/enterprisedb
>
>
>

Attachment Content-Type Size
pg_ctl.c.patch application/octet-stream 1.1 KB
pg_ctl.c_windows_vulnerability.patch application/octet-stream 749 bytes

From: Naoya Anzai <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp>
To: Asif Naeem <asif(dot)naeem(at)enterprisedb(dot)com>
Cc: Sandeep Thakkar <sandeep(dot)thakkar(at)enterprisedb(dot)com>, Dave Page <dpage(at)pgadmin(dot)org>, Asif Naeem <anaeem(dot)it(at)gmail(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, Akio Iwaasa <iwaasa(at)mxs(dot)nes(dot)nec(dot)co(dot)jp>
Subject: Re: PostgreSQL Service on Windows does not start. ~ "is not a valid Win32 application"
Date: 2013-10-29 00:53:41
Message-ID: 116262CF971C844FB6E793F8809B51C6B2CCFD@BPXM02GP.gisp.nec.co.jp

Hi, Asif

Thank you for providing my patch (pg_ctl.c.patch) to Sandeep on my behalf.

> Good finding. I have attached another version of patch (pg_ctl.c_windows_vulnerability.patch) attached that has fewer lines of code changes, can you please take a look ?. Thanks.

I think your patch is not sufficient to fix.
Not only "pg_ctl.exe" but also "postgres.exe" has the same problem.
Even if your patch is attached,
a path of "postgres.exe" passed to CreateRestrictedProcess is not enclosed in quotation. (See pgwin32_ServiceMain at pg_ctl.c)

So, enclosing in quotation should be done in both conditions.

Regards,
Naoya

---
Naoya Anzai
Engineering Department
NEC Soft, Ltd.
E-Mail: anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp
---

> Hi Sandeep,
>
> PFA Naoya's patch (pg_ctl.c.patch).
>
> Hi Naoya,
>
> Good finding. I have attached another version of patch (pg_ctl.c_windows_vulnerability.patch) attached that has fewer lines of code changes, can you please take a look ?. Thanks.
>
> Best Regards,
> Asif Naeem
>
>
> On Mon, Oct 28, 2013 at 4:46 PM, Sandeep Thakkar <sandeep(dot)thakkar(at)enterprisedb(dot)com> wrote:
>
>
> Hi Dave
>
> We register the service using pg_ctl. When I manually executed the following on the command prompt, I saw that the service path of the registered service did not have the pg_ctl.exe path in quotes. Maybe it should be handled in the pg_ctl code.
>
> c:\Users\Sandeep Thakkar\Documents>"c:\Program Files\PostgreSQL\9.3\bin\pg_ctl.exe" register -N "pg-9.3" -U "NT AUTHORITY\NetworkService" -D "c:\Program Files\PostgreSQL\9.3\data" -w
>
> Naoya, I could not find your patch here. Can you please share it again?
>
>
>
> On Mon, Oct 28, 2013 at 2:53 PM, Dave Page <dpage(at)pgadmin(dot)org> wrote:
>
>
> Sandeep, can you look at this please? Thanks.
>
> On Mon, Oct 28, 2013 at 8:18 AM, Asif Naeem <anaeem(dot)it(at)gmail(dot)com> wrote:
> > It is related to Windows unquoted service path vulnerability in the
> > installer that creates service path without quotes that make service.exe to
> > look for undesirable path for executable.
> >
> > postgresql-9.3 service path : C:/Users/asif/Desktop/Program
> > files/9.3/bin/pg_ctl.exe runservice -N "postgresql-9.3" -D
> > "C:/Users/asif/Desktop/Program files/9.3/data" -w
> >
> > service.exe
> >>
> >> C:\Users\asif\Desktop\Program NAME NOT FOUND
> >> C:\Users\asif\Desktop\Program.exe NAME NOT FOUND
> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe ACCESS DENIED
> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe ACCESS DENIED
> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice NAME
> >> NOT FOUND
> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice.exe
> >> NAME NOT FOUND
> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> >> NAME NOT FOUND
> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N.exe
> >> NAME NOT FOUND
> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> >> "postgresql-9.3" NAME INVALID
> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> >> "postgresql-9.3".exe NAME INVALID
> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> >> "postgresql-9.3" -D NAME INVALID
> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> >> "postgresql-9.3" -D.exe NAME INVALID
> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> >> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program NAME INVALID
> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> >> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program.exe NAME INVALID
> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> >> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program files\9.3\data" NAME
> >> INVALID
> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> >> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program files\9.3\data".exe
> >> NAME INVALID
> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> >> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program files\9.3\data" -w
> >> NAME INVALID
> >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> >> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program files\9.3\data" -w.exe
> >> NAME INVALID
> >
> >
> > Fix :
> >
> > postgresql-9.3 service path : "C:/Users/asif/Desktop/Program
> > files/9.3/bin/pg_ctl.exe" runservice -N "postgresql-9.3" -D
> > "C:/Users/asif/Desktop/Program files/9.3/data" -w
> >
> > It would be good if this is reported on pg installer forum or security
> > forum. Thanks.
> >
> > Regards,
> > Asif Naeem
> >
> > On Mon, Oct 28, 2013 at 12:06 PM, Naoya Anzai
> > <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp> wrote:
> >>
> >> Hi, Asif.
> >>
> >> Thank you for response.
> >>
> >>
> >> > C:\Users\asif\Desktop\Program files\9.3>"bin\pg_ctl" -D
> >> > "C:\Users\asif\Desktop\Program files\9.3\data1" -l logfile start
> >> > server starting
> >>
> >> This failure does not occur by the command line.
> >> PostgreSQL needs to start by Windows Service.
> >>
> >> Additionally,In this case,
> >> A file "Program" needs to be exist at "C:\Users\asif\Desktop\", and
> >> "postgres.exe" needs to be exist at "C:\Users\asif\Desktop\Program
> >> files\9.3\bin".
> >> ------------
> >> C:\Users\asif\Desktop\Program files\9.3\bin>dir
> >> ...
> >> 4,435,456 postgres.exe
> >> 80,896 pg_ctl.exe
> >> ...
> >>
> >> C:\Users\asif\Desktopp>dir
> >> ...
> >> 0 Program
> >> <DIR> Program files
> >> ...
> >> ------------
> >>
> >> Regards,
> >> Naoya
> >>
> >> > Hi Naoya,
> >> >
> >> > I am not able to reproduce the problem. Do you mean pg windows service
> >> > installed by installer is not working or bin\pg_ctl binary is not accepting
> >> > spaces in the patch ?. Following worked for me i.e.
> >> >
> >> >
> >> > C:\Users\asif\Desktop\Program files\9.3>"bin\pg_ctl" -D
> >> > "C:\Users\asif\Desktop\Program files\9.3\data1" -l logfile start
> >> > server starting
> >> >
> >> >
> >> > Can you please share the exact steps ?. Thanks.
> >> >
> >> >
> >> > Regards,
> >> > Muhammad Asif Naeem
> >> >
> >> >
> >> >
> >> > On Mon, Oct 28, 2013 at 10:26 AM, Naoya Anzai
> >> > <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp> wrote:
> >> >
> >> >
> >> > Hi All,
> >> >
> >> > I have found a case that PostgreSQL Service does not start.
> >> > When it happens, the following error appears.
> >> >
> >> > "is not a valid Win32 application"
> >> >
> >> > This failure occurs when the following conditions are true.
> >> >
> >> > 1. There is "postgres.exe" in any directory that contains a space,
> >> > such as "Program Files".
> >> >
> >> > e.g.)
> >> > C:\Program Files\PostgreSQL\bin\postgres.exe
> >> >
> >> > 2. A file using the first white space-delimited
> >> > tokens of that directory as the file name exists,
> >> > and there is it in the same hierarchy.
> >> >
> >> > e.g.)
> >> > C:\Program //file
> >> >
> >> > "pg_ctl.exe" as PostgreSQL Service creates a postgres
> >> > process using an absolute path which indicates the
> >> > location of "postgres.exe",but the path is not enclosed
> >> > in quotation.
> >> >
> >> > Therefore,if the above-mentioned conditions are true,
> >> > CreateProcessAsUser(a Windows Function called by pg_ctl.exe)
> >> > tries to create a process using the other file such
> >> > as "Program", so the service fails to start.
> >> >
> >> > Accordingly, I think that the command path should be
> >> > enclosed in quotation.
> >> >
> >> > I created a patch to fix this failure,
> >> > So could anyone confirm?
> >> >
> >> > Regards,
> >> >
> >> > Naoya
> >> >
> >> > ---
> >> > Naoya Anzai
> >> > Engineering Department
> >> > NEC Soft, Ltd.
> >> > E-Mail: anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp
> >> > ---
> >> >
> >> >
> >> > --
> >> > Sent via pgsql-hackers mailing list (pgsql-hackers(at)postgresql(dot)org)
> >> > To make changes to your subscription:
> >> > http://www.postgresql.org/mailpref/pgsql-hackers
> >> >
> >> >
> >> >
> >> >
> >> >>
>
>
> --
> Dave Page
> Blog: http://pgsnake.blogspot.com
> Twitter: @pgsnake
>
> EnterpriseDB UK: http://www.enterprisedb.com
> The Enterprise PostgreSQL Company
>
>
>
>
>
> --
>
> Sandeep Thakkar
> Senior Software Engineer
>
>
> Phone: +91.20.30589505
>
> Website: www.enterprisedb.com
> EnterpriseDB Blog: http://blogs.enterprisedb.com/
> Follow us on Twitter: http://www.twitter.com/enterprisedb
>
>
>
>
>
>
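The lookup behaviour discussed in this message and in the quoted trace, as an added example that is not part of the original thread or of pg_ctl.c: a simplified C model of how an unquoted command line is resolved to a program, together with the quoting fix and an audit check for service command lines. The function names and the in-memory file list are assumptions made for the illustration; the paths are the ones quoted in the thread.

```c
#include <stdio.h>
#include <string.h>

#define MAXP 512

/* Constructed file list: the 0-byte "Program" file and the two binaries
 * from the directory listings quoted in the thread. */
static const char *const demo_files[] = {
    "C:\\Users\\asif\\Desktop\\Program",
    "C:\\Users\\asif\\Desktop\\Program files\\9.3\\bin\\pg_ctl.exe",
    "C:\\Users\\asif\\Desktop\\Program files\\9.3\\bin\\postgres.exe",
};
#define N_DEMO_FILES (sizeof demo_files / sizeof demo_files[0])

static int file_exists(const char *path, const char *const *files, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(path, files[i]) == 0)
            return 1;
    return 0;
}

/* Try the first len bytes of cmd as a file name, then with ".exe" appended,
 * as in the NAME NOT FOUND pairs of the quoted trace. */
static int try_candidate(const char *cmd, size_t len,
                         const char *const *files, size_t n,
                         char *out, size_t outsz)
{
    if (len == 0 || len + 5 > outsz)
        return 0;
    memcpy(out, cmd, len);
    out[len] = '\0';
    if (file_exists(out, files, n))
        return 1;
    strcpy(out + len, ".exe");
    return file_exists(out, files, n);
}

/* Simplified model of program-name resolution (an assumption of this example):
 * a quoted first token is taken verbatim; otherwise every space-delimited
 * prefix is tried from shortest to longest and the first existing file wins.
 * Returns 1 and fills out on success, 0 otherwise. */
int resolve_program(const char *cmd, const char *const *files, size_t n,
                    char *out, size_t outsz)
{
    if (cmd[0] == '"') {
        const char *end = strchr(cmd + 1, '"');
        if (end && try_candidate(cmd + 1, (size_t)(end - cmd - 1),
                                 files, n, out, outsz))
            return 1;
    } else {
        size_t len = strlen(cmd);
        for (size_t i = 1; i <= len; i++)
            if ((cmd[i] == ' ' || cmd[i] == '\0') &&
                try_candidate(cmd, i, files, n, out, outsz))
                return 1;
    }
    if (outsz)
        out[0] = '\0';
    return 0;
}

/* The fix: build "<exe>" <args>. A Windows path cannot contain '"', so such
 * input is rejected instead of escaped. Returns 0 on success, -1 on error. */
int build_cmdline(const char *exe, const char *args, char *out, size_t outsz)
{
    if (strchr(exe, '"'))
        return -1;
    int n = snprintf(out, outsz, "\"%s\" %s", exe, args);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

/* Audit check for a service command line: 1 when it does not start with a
 * quote and a space occurs before the first ".exe" (case-sensitive here). */
int is_unquoted_with_space(const char *cmd)
{
    if (cmd[0] == '"')
        return 0;
    const char *exe = strstr(cmd, ".exe");
    const char *sp = strchr(cmd, ' ');
    return exe != NULL && sp != NULL && sp < exe;
}

int main(void)
{
    const char *args = "runservice -N \"postgresql-9.3\"";
    char unquoted[MAXP], quoted[MAXP], hit[MAXP];

    snprintf(unquoted, sizeof unquoted, "%s %s", demo_files[1], args);
    build_cmdline(demo_files[1], args, quoted, sizeof quoted);

    resolve_program(unquoted, demo_files, N_DEMO_FILES, hit, sizeof hit);
    printf("unquoted -> %s (flagged: %d)\n", hit, is_unquoted_with_space(unquoted));
    resolve_program(quoted, demo_files, N_DEMO_FILES, hit, sizeof hit);
    printf("quoted   -> %s (flagged: %d)\n", hit, is_unquoted_with_space(quoted));
    return 0;
}
```

The same resolution applies to the postgres.exe command line that pg_ctl builds when it runs as a service, which is why quoting only the registered pg_ctl.exe path leaves the second call site exposed.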


From: Sandeep Thakkar <sandeep(dot)thakkar(at)enterprisedb(dot)com>
To: Naoya Anzai <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp>
Cc: Asif Naeem <asif(dot)naeem(at)enterprisedb(dot)com>, Dave Page <dpage(at)pgadmin(dot)org>, Asif Naeem <anaeem(dot)it(at)gmail(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, Akio Iwaasa <iwaasa(at)mxs(dot)nes(dot)nec(dot)co(dot)jp>
Subject: Re: PostgreSQL Service on Windows does not start. ~ "is not a valid Win32 application"
Date: 2013-10-29 04:57:30
Message-ID: CANFyU96ZBqGMXT9F+8dOWoQ2NwcomY4U67d3LMNHOxBL3676Eg@mail.gmail.com

So, this is not an installer issue. Is this bug raised to the PostgreSQL
community? If yes, you should submit the patch there.

On Tue, Oct 29, 2013 at 6:23 AM, Naoya Anzai
<anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp> wrote:

> Hi, Asif
>
> Thank you for providing my patch (pg_ctl.c.patch) to Sandeep on my behalf.
>
> > Good finding. I have attached another version of patch
> (pg_ctl.c_windows_vulnerability.patch) attached that has fewer lines of
> code changes, can you please take a look ?. Thanks.
>
> I think your patch is not sufficient to fix.
> Not only "pg_ctl.exe" but "postgres.exe" also have the same problem.
> Even if your patch is attached,
> A Path of "postgres.exe" passed to CreateRestrictedProcess is not enclosed
> in quotation.(See pgwin32_ServiceMain at pg_ctl.c)
>
> So, processing enclosed in quotation should do in both conditions.
>
> Regards,
> Naoya
>
> ---
> Naoya Anzai
> Engineering Department
> NEC Soft, Ltd.
> E-Mail: anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp
> ---
>
>
> > Hi Sandeep,
> >
> > PFA Naoya's patch (pg_ctl.c.patch).
> >
> > Hi Naoya,
> >
> > Good finding. I have attached another version of patch
> (pg_ctl.c_windows_vulnerability.patch) attached that has fewer lines of
> code changes, can you please take a look ?. Thanks.
> >
> > Best Regards,
> > Asif Naeem
> >
> >
> > On Mon, Oct 28, 2013 at 4:46 PM, Sandeep Thakkar <
> sandeep(dot)thakkar(at)enterprisedb(dot)com> wrote:
> >
> >
> > Hi Dave
> >
> > We register the service using pg_ctl. When I manually executed the
> > following on the command prompt, I saw that the service path of the
> > registered service did not have the pg_ctl.exe path in quotes. Maybe it
> > should be handled in the pg_ctl code.
> >
> > c:\Users\Sandeep Thakkar\Documents>"c:\Program Files\PostgreSQL\9.3\bin\pg_ctl.exe" register -N "pg-9.3" -U "NT AUTHORITY\NetworkService" -D "c:\Program Files\PostgreSQL\9.3\data" -w
> >
> > Naoya, I could not find your patch here. Can you please share it
> again?
> >
> >
> >
> > On Mon, Oct 28, 2013 at 2:53 PM, Dave Page <dpage(at)pgadmin(dot)org>
> wrote:
> >
> >
> > Sandeep, can you look at this please? Thanks.
> >
> > On Mon, Oct 28, 2013 at 8:18 AM, Asif Naeem <
> anaeem(dot)it(at)gmail(dot)com> wrote:
> > > It is related to Windows unquoted service path vulnerability in the
> > > installer that creates service path without quotes that make service.exe to
> > > look for undesirable path for executable.
> > >
> > > postgresql-9.3 service path :
> C:/Users/asif/Desktop/Program
> > > files/9.3/bin/pg_ctl.exe runservice -N "postgresql-9.3"
> -D
> > > "C:/Users/asif/Desktop/Program files/9.3/data" -w
> > >
> > > service.exe
> > >>
> > >> C:\Users\asif\Desktop\Program NAME NOT FOUND
> > >> C:\Users\asif\Desktop\Program.exe NAME NOT FOUND
> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe
> ACCESS DENIED
> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe
> ACCESS DENIED
> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe
> runservice NAME
> > >> NOT FOUND
> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe
> runservice.exe
> > >> NAME NOT FOUND
> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe
> runservice -N
> > >> NAME NOT FOUND
> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe
> runservice -N.exe
> > >> NAME NOT FOUND
> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe
> runservice -N
> > >> "postgresql-9.3" NAME INVALID
> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe
> runservice -N
> > >> "postgresql-9.3".exe NAME INVALID
> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe
> runservice -N
> > >> "postgresql-9.3" -D NAME INVALID
> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe
> runservice -N
> > >> "postgresql-9.3" -D.exe NAME INVALID
> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe
> runservice -N
> > >> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program NAME
> INVALID
> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe
> runservice -N
> > >> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program.exe
> NAME INVALID
> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe
> runservice -N
> > >> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program
> files\9.3\data" NAME
> > >> INVALID
> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe
> runservice -N
> > >> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program
> files\9.3\data".exe
> > >> NAME INVALID
> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe
> runservice -N
> > >> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program
> files\9.3\data" -w
> > >> NAME INVALID
> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe
> runservice -N
> > >> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program
> files\9.3\data" -w.exe
> > >> NAME INVALID
> > >
> > >
> > > Fix :
> > >
> > > postgresql-9.3 service path :
> "C:/Users/asif/Desktop/Program
> > > files/9.3/bin/pg_ctl.exe" runservice -N "postgresql-9.3"
> -D
> > > "C:/Users/asif/Desktop/Program files/9.3/data" -w
> > >
> > > It would be good if this is reported on pg installer
> forum or security
> > > forum. Thanks.
> > >
> > > Regards,
> > > Asif Naeem
> > >
> > > On Mon, Oct 28, 2013 at 12:06 PM, Naoya Anzai
> > > <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp> wrote:
> > >>
> > >> Hi, Asif.
> > >>
> > >> Thank you for response.
> > >>
> > >>
> > >> > C:\Users\asif\Desktop\Program
> files\9.3>"bin\pg_ctl" -D
> > >> > "C:\Users\asif\Desktop\Program files\9.3\data1" -l
> logfile start
> > >> > server starting
> > >>
> > >> This failure does not occur by the command line.
> > >> PostgreSQL needs to start by Windows Service.
> > >>
> > >> Additionally,In this case,
> > >> A file "Program" needs to be exist at
> "C:\Users\asif\Desktop\", and
> > >> "postgres.exe" needs to be exist at
> "C:\Users\asif\Desktop\Program
> > >> files\9.3\bin".
> > >> ------------
> > >> C:\Users\asif\Desktop\Program files\9.3\bin>dir
> > >> ...
> > >> 4,435,456 postgres.exe
> > >> 80,896 pg_ctl.exe
> > >> ...
> > >>
> > >> C:\Users\asif\Desktopp>dir
> > >> ...
> > >> 0 Program
> > >> <DIR> Program files
> > >> ...
> > >> ------------
> > >>
> > >> Regards,
> > >> Naoya
> > >>
> > >> > Hi Naoya,
> > >> >
> > >> > I am not able to reproduce the problem. Do you mean
> pg windows service
> > >> > installed by installer is not working or bin\pg_ctl
> binary is not accepting
> > >> > spaces in the patch ?. Following worked for me i.e.
> > >> >
> > >> >
> > >> > C:\Users\asif\Desktop\Program
> files\9.3>"bin\pg_ctl" -D
> > >> > "C:\Users\asif\Desktop\Program files\9.3\data1" -l
> logfile start
> > >> > server starting
> > >> >
> > >> >
> > >> > Can you please share the exact steps ?. Thanks.
> > >> >
> > >> >
> > >> > Regards,
> > >> > Muhammad Asif Naeem
> > >> >
> > >> >
> > >> >
> > >> > On Mon, Oct 28, 2013 at 10:26 AM, Naoya Anzai
> > >> > <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp> wrote:
> > >> >
> > >> >
> > >> > Hi All,
> > >> >
> > >> > I have found a case that PostgreSQL Service
> does not start.
> > >> > When it happens, the following error appears.
> > >> >
> > >> > "is not a valid Win32 application"
> > >> >
> > >> > This failure occurs when the following
> conditions are true.
> > >> >
> > >> > 1. There is "postgres.exe" in any directory
> that contains a space,
> > >> > such as "Program Files".
> > >> >
> > >> > e.g.)
> > >> > C:\Program Files\PostgreSQL\bin\postgres.exe
> > >> >
> > >> > 2. A file using the first white space-delimited
> > >> > tokens of that directory as the file name
> exists,
> > >> > and there is it in the same hierarchy.
> > >> >
> > >> > e.g.)
> > >> > C:\Program //file
> > >> >
> > >> > "pg_ctl.exe" as PostgreSQL Service creates a
> postgres
> > >> > process using an absolute path which indicates
> the
> > >> > location of "postgres.exe",but the path is not
> enclosed
> > >> > in quotation.
> > >> >
> > >> > Therefore,if the above-mentioned conditions are
> true,
> > >> > CreateProcessAsUser(a Windows Function called
> by pg_ctl.exe)
> > >> > tries to create a process using the other file
> such
> > >> > as "Program", so the service fails to start.
> > >> >
> > >> > Accordingly, I think that the command path
> should be
> > >> > enclosed in quotation.
> > >> >
> > >> > I created a patch to fix this failure,
> > >> > So could anyone confirm?
> > >> >
> > >> > Regards,
> > >> >
> > >> > Naoya
> > >> >
> > >> > ---
> > >> > Naoya Anzai
> > >> > Engineering Department
> > >> > NEC Soft, Ltd.
> > >> > E-Mail: anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp
> > >> > ---
> > >> >
> > >> >
> > >> > --
> > >> > Sent via pgsql-hackers mailing list (
> pgsql-hackers(at)postgresql(dot)org)
> > >> > To make changes to your subscription:
> > >> >
> http://www.postgresql.org/mailpref/pgsql-hackers
> > >> >
> > >> >
> > >> >
> > >> >
> > >> >>
> >
> >
> > --
> > Dave Page
> > Blog: http://pgsnake.blogspot.com
> > Twitter: @pgsnake
> >
> > EnterpriseDB UK: http://www.enterprisedb.com
> > The Enterprise PostgreSQL Company
> >
> >
> >
> >
> >
> > --
> >
> > Sandeep Thakkar
> > Senior Software Engineer
> >
> >
> > Phone: +91.20.30589505
> >
> > Website: www.enterprisedb.com
> > EnterpriseDB Blog: http://blogs.enterprisedb.com/
> > Follow us on Twitter: http://www.twitter.com/enterprisedb
> >
> >
> >
> >
> >
> >
>
>
>
>

--
Sandeep Thakkar
Senior Software Engineer

Phone: +91.20.30589505

Website: www.enterprisedb.com
EnterpriseDB Blog: http://blogs.enterprisedb.com/
Follow us on Twitter: http://www.twitter.com/enterprisedb


From: Asif Naeem <anaeem(dot)it(at)gmail(dot)com>
To: Sandeep Thakkar <sandeep(dot)thakkar(at)enterprisedb(dot)com>
Cc: Naoya Anzai <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp>, Asif Naeem <asif(dot)naeem(at)enterprisedb(dot)com>, Dave Page <dpage(at)pgadmin(dot)org>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, Akio Iwaasa <iwaasa(at)mxs(dot)nes(dot)nec(dot)co(dot)jp>
Subject: Re: PostgreSQL Service on Windows does not start. ~ "is not a valid Win32 application"
Date: 2013-10-29 06:01:52
Message-ID: CAEB4t-M4X_BpRC3PopyEjGjPDY5H+WxoTcOJDp-WK4ZYExCQCw@mail.gmail.com

Yes. It should not be an installer issue, as the installer is using pg_ctl to
register and run the service on Windows. Thanks.

Best Regards,
Muhammad Asif Naeem

On Tue, Oct 29, 2013 at 9:57 AM, Sandeep Thakkar <
sandeep(dot)thakkar(at)enterprisedb(dot)com> wrote:

> So, this is not an installer issue. Is this bug raised to the PostgreSQL
> community? If yes, you should submit the patch there.
>
>
> On Tue, Oct 29, 2013 at 6:23 AM, Naoya Anzai <
> anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp> wrote:
>
>> Hi, Asif
>>
>> Thank you for providing my patch (pg_ctl.c.patch) to Sandeep on my behalf.
>>
>> > Good finding. I have attached another version of patch
>> (pg_ctl.c_windows_vulnerability.patch) attached that has fewer lines of
>> code changes, can you please take a look ?. Thanks.
>>
>> I think your patch is not sufficient to fix.
>> Not only "pg_ctl.exe" but "postgres.exe" also have the same problem.
>> Even if your patch is attached,
>> A Path of "postgres.exe" passed to CreateRestrictedProcess is not
>> enclosed in quotation.(See pgwin32_ServiceMain at pg_ctl.c)
>>
>> So, processing enclosed in quotation should do in both conditions.
>>
>> Regards,
>> Naoya
>>
>> ---
>> Naoya Anzai
>> Engineering Department
>> NEC Soft, Ltd.
>> E-Mail: anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp
>> ---
>>
>>
>> > Hi Sandeep,
>> >
>> > PFA Naoya's patch (pg_ctl.c.patch).
>> >
>> > Hi Naoya,
>> >
>> > Good finding. I have attached another version of patch
>> (pg_ctl.c_windows_vulnerability.patch) attached that has fewer lines of
>> code changes, can you please take a look ?. Thanks.
>> >
>> > Best Regards,
>> > Asif Naeem
>> >
>> >
>> > On Mon, Oct 28, 2013 at 4:46 PM, Sandeep Thakkar <
>> sandeep(dot)thakkar(at)enterprisedb(dot)com> wrote:
>> >
>> >
>> > Hi Dave
>> >
>> > We register the service using pg_ctl. When I manually executed
>> > the following on the command prompt, I saw that the service path of the
>> > registered service did not have the pg_ctl.exe path in quotes. Maybe it
>> > should be handled in the pg_ctl code.
>> >
>> > c:\Users\Sandeep Thakkar\Documents>"c:\Program Files\PostgreSQL\9.3\bin\pg_ctl.exe" register -N "pg-9.3" -U "NT AUTHORITY\NetworkService" -D "c:\Program Files\PostgreSQL\9.3\data" -w
>> >
>> > Naoya, I could not find your patch here. Can you please share it
>> again?
>> >
>> >
>> >
>> > On Mon, Oct 28, 2013 at 2:53 PM, Dave Page <dpage(at)pgadmin(dot)org>
>> wrote:
>> >
>> >
>> > Sandeep, can you look at this please? Thanks.
>> >
>> > On Mon, Oct 28, 2013 at 8:18 AM, Asif Naeem <
>> anaeem(dot)it(at)gmail(dot)com> wrote:
>> > > It is related to Windows unquoted service path vulnerability in the
>> > > installer that creates service path without quotes that make service.exe to
>> > > look for undesirable path for executable.
>> > >
>> > > postgresql-9.3 service path :
>> C:/Users/asif/Desktop/Program
>> > > files/9.3/bin/pg_ctl.exe runservice -N "postgresql-9.3"
>> -D
>> > > "C:/Users/asif/Desktop/Program files/9.3/data" -w
>> > >
>> > > service.exe
>> > >>
>> > >> C:\Users\asif\Desktop\Program NAME NOT FOUND
>> > >> C:\Users\asif\Desktop\Program.exe NAME NOT FOUND
>> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe
>> ACCESS DENIED
>> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe
>> ACCESS DENIED
>> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe
>> runservice NAME
>> > >> NOT FOUND
>> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe
>> runservice.exe
>> > >> NAME NOT FOUND
>> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe
>> runservice -N
>> > >> NAME NOT FOUND
>> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe
>> runservice -N.exe
>> > >> NAME NOT FOUND
>> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe
>> runservice -N
>> > >> "postgresql-9.3" NAME INVALID
>> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe
>> runservice -N
>> > >> "postgresql-9.3".exe NAME INVALID
>> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe
>> runservice -N
>> > >> "postgresql-9.3" -D NAME INVALID
>> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe
>> runservice -N
>> > >> "postgresql-9.3" -D.exe NAME INVALID
>> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe
>> runservice -N
>> > >> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program
>> NAME INVALID
>> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe
>> runservice -N
>> > >> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program.exe
>> NAME INVALID
>> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe
>> runservice -N
>> > >> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program
>> files\9.3\data" NAME
>> > >> INVALID
>> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe
>> runservice -N
>> > >> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program
>> files\9.3\data".exe
>> > >> NAME INVALID
>> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe
>> runservice -N
>> > >> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program
>> files\9.3\data" -w
>> > >> NAME INVALID
>> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe
>> runservice -N
>> > >> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program
>> files\9.3\data" -w.exe
>> > >> NAME INVALID
>> > >
>> > >
>> > > Fix :
>> > >
>> > > postgresql-9.3 service path :
>> "C:/Users/asif/Desktop/Program
>> > > files/9.3/bin/pg_ctl.exe" runservice -N
>> "postgresql-9.3" -D
>> > > "C:/Users/asif/Desktop/Program files/9.3/data" -w
>> > >
>> > > It would be good if this is reported on pg installer
>> forum or security
>> > > forum. Thanks.
>> > >
>> > > Regards,
>> > > Asif Naeem
>> > >
>> > > On Mon, Oct 28, 2013 at 12:06 PM, Naoya Anzai
>> > > <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp> wrote:
>> > >>
>> > >> Hi, Asif.
>> > >>
>> > >> Thank you for response.
>> > >>
>> > >>
>> > >> > C:\Users\asif\Desktop\Program
>> files\9.3>"bin\pg_ctl" -D
>> > >> > "C:\Users\asif\Desktop\Program files\9.3\data1" -l
>> logfile start
>> > >> > server starting
>> > >>
>> > >> This failure does not occur by the command line.
>> > >> PostgreSQL needs to start by Windows Service.
>> > >>
>> > >> Additionally,In this case,
>> > >> A file "Program" needs to be exist at
>> "C:\Users\asif\Desktop\", and
>> > >> "postgres.exe" needs to be exist at
>> "C:\Users\asif\Desktop\Program
>> > >> files\9.3\bin".
>> > >> ------------
>> > >> C:\Users\asif\Desktop\Program files\9.3\bin>dir
>> > >> ...
>> > >> 4,435,456 postgres.exe
>> > >> 80,896 pg_ctl.exe
>> > >> ...
>> > >>
>> > >> C:\Users\asif\Desktopp>dir
>> > >> ...
>> > >> 0 Program
>> > >> <DIR> Program files
>> > >> ...
>> > >> ------------
>> > >>
>> > >> Regards,
>> > >> Naoya
>> > >>
>> > >> > Hi Naoya,
>> > >> >
>> > >> > I am not able to reproduce the problem. Do you mean
>> pg windows service
>> > >> > installed by installer is not working or bin\pg_ctl
>> binary is not accepting
>> > >> > spaces in the patch ?. Following worked for me i.e.
>> > >> >
>> > >> >
>> > >> > C:\Users\asif\Desktop\Program
>> files\9.3>"bin\pg_ctl" -D
>> > >> > "C:\Users\asif\Desktop\Program files\9.3\data1" -l
>> logfile start
>> > >> > server starting
>> > >> >
>> > >> >
>> > >> > Can you please share the exact steps ?. Thanks.
>> > >> >
>> > >> >
>> > >> > Regards,
>> > >> > Muhammad Asif Naeem
>> > >> >
>> > >> >
>> > >> >
>> > >> > On Mon, Oct 28, 2013 at 10:26 AM, Naoya Anzai
>> > >> > <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp> wrote:
>> > >> >
>> > >> >
>> > >> > Hi All,
>> > >> >
>> > >> > I have found a case that PostgreSQL Service
>> does not start.
>> > >> > When it happens, the following error appears.
>> > >> >
>> > >> > "is not a valid Win32 application"
>> > >> >
>> > >> > This failure occurs when the following
>> conditions are true.
>> > >> >
>> > >> > 1. There is "postgres.exe" in any directory
>> that contains a space,
>> > >> > such as "Program Files".
>> > >> >
>> > >> > e.g.)
>> > >> > C:\Program Files\PostgreSQL\bin\postgres.exe
>> > >> >
>> > >> > 2. A file using the first white space-delimited
>> > >> > tokens of that directory as the file name
>> exists,
>> > >> > and there is it in the same hierarchy.
>> > >> >
>> > >> > e.g.)
>> > >> > C:\Program //file
>> > >> >
>> > >> > "pg_ctl.exe" as PostgreSQL Service creates a
>> postgres
>> > >> > process using an absolute path which indicates
>> the
>> > >> > location of "postgres.exe",but the path is not
>> enclosed
>> > >> > in quotation.
>> > >> >
>> > >> > Therefore,if the above-mentioned conditions
>> are true,
>> > >> > CreateProcessAsUser(a Windows Function called
>> by pg_ctl.exe)
>> > >> > tries to create a process using the other file
>> such
>> > >> > as "Program", so the service fails to start.
>> > >> >
>> > >> > Accordingly, I think that the command path
>> should be
>> > >> > enclosed in quotation.
>> > >> >
>> > >> > I created a patch to fix this failure,
>> > >> > So could anyone confirm?
>> > >> >
>> > >> > Regards,
>> > >> >
>> > >> > Naoya
>> > >> >
>> > >> > ---
>> > >> > Naoya Anzai
>> > >> > Engineering Department
>> > >> > NEC Soft, Ltd.
>> > >> > E-Mail: anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp
>> > >> > ---
>> > >> >
>> > >> >
>> > >> > --
>> > >> > Sent via pgsql-hackers mailing list (
>> pgsql-hackers(at)postgresql(dot)org)
>> > >> > To make changes to your subscription:
>> > >> >
>> http://www.postgresql.org/mailpref/pgsql-hackers
>> > >> >
>> > >> >
>> > >> >
>> > >> >
>> > >> >>
>> >
>> >
>> > --
>> > Dave Page
>> > Blog: http://pgsnake.blogspot.com
>> > Twitter: @pgsnake
>> >
>> > EnterpriseDB UK: http://www.enterprisedb.com
>> > The Enterprise PostgreSQL Company
>> >
>> >
>> >
>> >
>> >
>> > --
>> >
>> > Sandeep Thakkar
>> > Senior Software Engineer
>> >
>> >
>> > Phone: +91.20.30589505
>> >
>> > Website: www.enterprisedb.com
>> > EnterpriseDB Blog: http://blogs.enterprisedb.com/
>> > Follow us on Twitter: http://www.twitter.com/enterprisedb
>> >
>> >
>> >
>> >
>> >
>> >
>>
>>
>>
>>
>
>
> --
> Sandeep Thakkar
> Senior Software Engineer
>
>
> Phone: +91.20.30589505
>
>
> Website: www.enterprisedb.com
> EnterpriseDB Blog: http://blogs.enterprisedb.com/
> Follow us on Twitter: http://www.twitter.com/enterprisedb
>
>


From: Naoya Anzai <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp>
To: Sandeep Thakkar <sandeep(dot)thakkar(at)enterprisedb(dot)com>
Cc: Asif Naeem <asif(dot)naeem(at)enterprisedb(dot)com>, Dave Page <dpage(at)pgadmin(dot)org>, Asif Naeem <anaeem(dot)it(at)gmail(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, Akio Iwaasa <iwaasa(at)mxs(dot)nes(dot)nec(dot)co(dot)jp>
Subject: Re: PostgreSQL Service on Windows does not start. ~ "is not a valid Win32 application"
Date: 2013-10-29 06:04:37
Message-ID: 116262CF971C844FB6E793F8809B51C6B2CF61@BPXM02GP.gisp.nec.co.jp
Lists: pgsql-hackers

Hi, Sandeep

Thanks.

Sorry, there was a mistake in what I said.

I said
> Not only "pg_ctl.exe" but "postgres.exe" also have the same problem.
but, to say it correctly,

"postgres.exe" does not have the problem.
The only source that contains the problem is "pg_ctl.c".

> So, this is not an installer issue. Is this bug raised to the PostgreSQL community? If yes, you should submit the patch there.
Yes, I had already submitted it there, but nobody has responded to me yet.

http://postgresql.1045698.n5.nabble.com/PostgreSQL-Service-on-Windows-does-not-start-td5774206.html

Regards,
Naoya

> So, this is not an installer issue. Is this bug raised to the PostgreSQL community? If yes, you should submit the patch there.
>
>
> On Tue, Oct 29, 2013 at 6:23 AM, Naoya Anzai <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp> wrote:
>
>
> Hi, Asif
>
> Thank you for providing my patch (pg_ctl.c.patch) to Sandeep on my behalf.
>
>
> > Good finding. I have attached another version of patch (pg_ctl.c_windows_vulnerability.patch) attached that has fewer lines of code changes, can you please take a look ?. Thanks.
>
>
> I think your patch is not sufficient to fix.
> Not only "pg_ctl.exe" but "postgres.exe" also have the same problem.
> Even if your patch is attached,
> A Path of "postgres.exe" passed to CreateRestrictedProcess is not enclosed in quotation.(See pgwin32_ServiceMain at pg_ctl.c)
>
> So, processing enclosed in quotation should do in both conditions.
>
>
> Regards,
> Naoya
>
> ---
> Naoya Anzai
> Engineering Department
> NEC Soft, Ltd.
> E-Mail: anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp
> ---
>
>
> > Hi Sandeep,
> >
> > PFA Naoya's patch (pg_ctl.c.patch).
> >
> > Hi Naoya,
> >
> > Good finding. I have attached another version of patch (pg_ctl.c_windows_vulnerability.patch) attached that has fewer lines of code changes, can you please take a look ?. Thanks.
> >
> > Best Regards,
> > Asif Naeem
> >
> >
> > On Mon, Oct 28, 2013 at 4:46 PM, Sandeep Thakkar <sandeep(dot)thakkar(at)enterprisedb(dot)com> wrote:
> >
> >
> > Hi Dave
> >
> > We register the service using pg_ctl. When I manually executed the following on the command prompt, I saw that the service path of the registered service did not have the pg_ctl.exe path in quotes. May be it should be handled in the pg_ctl code.
> >
> > c:\Users\Sandeep Thakkar\Documents>"c:\Program Files\PostgreSQL\9.3\bin\pg_ctl.e
> > xe" register -N "pg-9.3" -U "NT AUTHORITY\NetworkService" -D "c:\Program Files\P
> > ostgreSQL\9.3\data" -w
> >
> > Naoya, I could not find your patch here. Can you please share it again?
> >
> >
> >
> > On Mon, Oct 28, 2013 at 2:53 PM, Dave Page <dpage(at)pgadmin(dot)org> wrote:
> >
> >
> > Sandeep, can you look at this please? Thanks.
> >
> > On Mon, Oct 28, 2013 at 8:18 AM, Asif Naeem <anaeem(dot)it(at)gmail(dot)com> wrote:
> > > It is related to windows unquoted service path vulnerability in the the
> > > installer that creates service path without quotes that make service.exe to
> > > look for undesirable path for executable.
> > >
> > > postgresql-9.3 service path : C:/Users/asif/Desktop/Program
> > > files/9.3/bin/pg_ctl.exe runservice -N "postgresql-9.3" -D
> > > "C:/Users/asif/Desktop/Program files/9.3/data" -w
> > >
> > > service.exe
> > >>
> > >> C:\Users\asif\Desktop\Program NAME NOT FOUND
> > >> C:\Users\asif\Desktop\Program.exe NAME NOT FOUND
> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe ACCESS DENIED
> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe ACCESS DENIED
> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice NAME
> > >> NOT FOUND
> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice.exe
> > >> NAME NOT FOUND
> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> > >> NAME NOT FOUND
> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N.exe
> > >> NAME NOT FOUND
> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> > >> "postgresql-9.3" NAME INVALID
> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> > >> "postgresql-9.3".exe NAME INVALID
> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> > >> "postgresql-9.3" -D NAME INVALID
> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> > >> "postgresql-9.3" -D.exe NAME INVALID
> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> > >> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program NAME INVALID
> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> > >> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program.exe NAME INVALID
> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> > >> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program files\9.3\data" NAME
> > >> INVALID
> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> > >> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program files\9.3\data".exe
> > >> NAME INVALID
> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> > >> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program files\9.3\data" -w
> > >> NAME INVALID
> > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> > >> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program files\9.3\data" -w.exe
> > >> NAME INVALID
> > >
> > >
> > > Fix :
> > >
> > > postgresql-9.3 service path : "C:/Users/asif/Desktop/Program
> > > files/9.3/bin/pg_ctl.exe" runservice -N "postgresql-9.3" -D
> > > "C:/Users/asif/Desktop/Program files/9.3/data" -w
> > >
> > > It would be good if this is reported on pg installer forum or security
> > > forum. Thanks.
> > >
> > > Regards,
> > > Asif Naeem
> > >
> > > On Mon, Oct 28, 2013 at 12:06 PM, Naoya Anzai
> > > <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp> wrote:
> > >>
> > >> Hi, Asif.
> > >>
> > >> Thank you for response.
> > >>
> > >>
> > >> > C:\Users\asif\Desktop\Program files\9.3>"bin\pg_ctl" -D
> > >> > "C:\Users\asif\Desktop\Program files\9.3\data1" -l logfile start
> > >> > server starting
> > >>
> > >> This failure does not occur by the command line.
> > >> PostgreSQL needs to start by Windows Service.
> > >>
> > >> Additionally,In this case,
> > >> A file "Program" needs to be exist at "C:\Users\asif\Desktop\", and
> > >> "postgres.exe" needs to be exist at "C:\Users\asif\Desktop\Program
> > >> files\9.3\bin".
> > >> ------------
> > >> C:\Users\asif\Desktop\Program files\9.3\bin>dir
> > >> ...
> > >> 4,435,456 postgres.exe
> > >> 80,896 pg_ctl.exe
> > >> ...
> > >>
> > >> C:\Users\asif\Desktopp>dir
> > >> ...
> > >> 0 Program
> > >> <DIR> Program files
> > >> ...
> > >> ------------
> > >>
> > >> Regards,
> > >> Naoya
> > >>
> > >> > Hi Naoya,
> > >> >
> > >> > I am not able to reproduce the problem. Do you mean pg windows service
> > >> > installed by installer is not working or bin\pg_ctl binary is not accepting
> > >> > spaces in the patch ?. Following worked for me i.e.
> > >> >
> > >> >
> > >> > C:\Users\asif\Desktop\Program files\9.3>"bin\pg_ctl" -D
> > >> > "C:\Users\asif\Desktop\Program files\9.3\data1" -l logfile start
> > >> > server starting
> > >> >
> > >> >
> > >> > Can you please share the exact steps ?. Thanks.
> > >> >
> > >> >
> > >> > Regards,
> > >> > Muhammad Asif Naeem
> > >> >
> > >> >
> > >> >
> > >> > On Mon, Oct 28, 2013 at 10:26 AM, Naoya Anzai
> > >> > <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp> wrote:
> > >> >
> > >> >
> > >> > Hi All,
> > >> >
> > >> > I have found a case that PostgreSQL Service does not start.
> > >> > When it happens, the following error appears.
> > >> >
> > >> > "is not a valid Win32 application"
> > >> >
> > >> > This failure occurs when the following conditions are true.
> > >> >
> > >> > 1. There is "postgres.exe" in any directory that contains a space,
> > >> > such as "Program Files".
> > >> >
> > >> > e.g.)
> > >> > C:\Program Files\PostgreSQL\bin\postgres.exe
> > >> >
> > >> > 2. A file using the first white space-delimited
> > >> > tokens of that directory as the file name exists,
> > >> > and there is it in the same hierarchy.
> > >> >
> > >> > e.g.)
> > >> > C:\Program //file
> > >> >
> > >> > "pg_ctl.exe" as PostgreSQL Service creates a postgres
> > >> > process using an absolute path which indicates the
> > >> > location of "postgres.exe",but the path is not enclosed
> > >> > in quotation.
> > >> >
> > >> > Therefore,if the above-mentioned conditions are true,
> > >> > CreateProcessAsUser(a Windows Function called by pg_ctl.exe)
> > >> > tries to create a process using the other file such
> > >> > as "Program", so the service fails to start.
> > >> >
> > >> > Accordingly, I think that the command path should be
> > >> > enclosed in quotation.
> > >> >
> > >> > I created a patch to fix this failure,
> > >> > So could anyone confirm?
> > >> >
> > >> > Regards,
> > >> >
> > >> > Naoya
> > >> >
> > >> > ---
> > >> > Naoya Anzai
> > >> > Engineering Department
> > >> > NEC Soft, Ltd.
> > >> > E-Mail: anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp
> > >> > ---
> > >> >
> > >> >
> > >> > --
> > >> > Sent via pgsql-hackers mailing list (pgsql-hackers(at)postgresql(dot)org)
> > >> > To make changes to your subscription:
> > >> > http://www.postgresql.org/mailpref/pgsql-hackers
> > >> >
> > >> >
> > >> >
> > >> >
> > >> >>
> >
> >
>
> > --
> > Dave Page
> > Blog: http://pgsnake.blogspot.com
> > Twitter: @pgsnake
> >
> > EnterpriseDB UK: http://www.enterprisedb.com
> > The Enterprise PostgreSQL Company
> >
> >
> >
> >
> >
> > --
> >
> > Sandeep Thakkar
> > Senior Software Engineer
> >
> >
>
> > Phone: +91.20.30589505
>
> >
> > Website: www.enterprisedb.com
> > EnterpriseDB Blog: http://blogs.enterprisedb.com/
> > Follow us on Twitter: http://www.twitter.com/enterprisedb
> >
> >
> >
> >
> >
> >
>
>
>
>
>
>
>
>
> --
>
> Sandeep Thakkar
> Senior Software Engineer
>
> Phone: +91.20.30589505
>
> Website: www.enterprisedb.com
> EnterpriseDB Blog: http://blogs.enterprisedb.com/
> Follow us on Twitter: http://www.twitter.com/enterprisedb
>
>
>

Regards,

Naoya

---
Naoya Anzai
Engineering Department
NEC Soft, Ltd.
E-Mail: anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp
---
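
The lookups in the service.exe trace quoted in this thread follow from splitting an unquoted command line at each space. The C sketch below is an added example, not code from pg_ctl.c or from anyone in the thread: it lists those candidate prefixes for the service path quoted above and shows that quoting the executable leaves a single candidate. The function names and the ".exe" heuristic for locating the intended binary are assumptions made for this illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_CAND 32

/* Service command line from the thread, in its unquoted (problem) form. */
static const char SAMPLE_UNQUOTED[] =
    "C:/Users/asif/Desktop/Program files/9.3/bin/pg_ctl.exe runservice "
    "-N \"postgresql-9.3\" -D \"C:/Users/asif/Desktop/Program files/9.3/data\" -w";

/* True if s points at ".exe" followed by a space or the end of the string. */
static int exe_suffix_at(const char *s)
{
    return s[0] == '.' && tolower((unsigned char)s[1]) == 'e' &&
           tolower((unsigned char)s[2]) == 'x' &&
           tolower((unsigned char)s[3]) == 'e' && (s[4] == ' ' || s[4] == '\0');
}

/* Audit heuristic (assumption): the intended executable is the shortest
 * prefix ending in ".exe" at a token boundary. Returns its length, or 0. */
size_t intended_exe_len(const char *cmd)
{
    for (size_t i = 0; cmd[i] != '\0'; i++)
        if (exe_suffix_at(cmd + i))
            return i + 4;
    return 0;
}

/* Lengths of the prefixes that can be taken as the module name.
 * Unquoted: one prefix per space, then the whole string.
 * Starting with '"': only the quoted token, so there is no ambiguity. */
int candidate_prefixes(const char *cmd, size_t ends[], int max)
{
    size_t len = strlen(cmd);
    int n = 0;

    if (cmd[0] == '"') {
        const char *close = strchr(cmd + 1, '"');
        if (max > 0)
            ends[n++] = close ? (size_t)(close - cmd) + 1 : len;
        return n;
    }
    for (size_t i = 1; i < len && n < max; i++)
        if (cmd[i] == ' ' && cmd[i - 1] != ' ')
            ends[n++] = i;
    if (n < max && len > 0 && cmd[len - 1] != ' ')
        ends[n++] = len;
    return n;
}

/* Number of candidates tried before the intended executable.
 * Anything above 0 means another file could be picked up first. */
int shadowing_candidates(const char *cmd)
{
    size_t ends[MAX_CAND];
    size_t exe = intended_exe_len(cmd);
    int n, before = 0;

    if (cmd[0] == '"' || exe == 0)
        return 0;
    n = candidate_prefixes(cmd, ends, MAX_CAND);
    for (int i = 0; i < n; i++)
        if (ends[i] < exe)
            before++;
    return before;
}

/* The fix discussed in the thread: quote the executable path, then append
 * the arguments. Returns 0 on success, -1 on bad input or a short buffer. */
int build_quoted_cmdline(const char *exe, const char *args,
                         char *out, size_t outsz)
{
    int w;

    if (strchr(exe, '"') != NULL)
        return -1;                       /* a path cannot contain a quote */
    w = snprintf(out, outsz, "\"%s\"%s%s", exe,
                 (args && *args) ? " " : "", args ? args : "");
    return (w < 0 || (size_t)w >= outsz) ? -1 : 0;
}

int main(void)
{
    size_t ends[MAX_CAND];
    char fixed[512];
    int n = candidate_prefixes(SAMPLE_UNQUOTED, ends, MAX_CAND);

    printf("unquoted: %d candidates, %d before the real executable\n",
           n, shadowing_candidates(SAMPLE_UNQUOTED));
    for (int i = 0; i < n; i++)
        printf("  %.*s\n", (int)ends[i], SAMPLE_UNQUOTED);

    if (build_quoted_cmdline(
            "C:/Users/asif/Desktop/Program files/9.3/bin/pg_ctl.exe",
            "runservice -N \"postgresql-9.3\"", fixed, sizeof fixed) == 0)
        printf("quoted:   %d candidate(s), %d before the real executable\n",
               candidate_prefixes(fixed, ends, MAX_CAND),
               shadowing_candidates(fixed));
    return 0;
}
```

The nine prefixes printed for the unquoted form are the same names the trace shows being probed (each with and without ".exe").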


From: Sandeep Thakkar <sandeep(dot)thakkar(at)enterprisedb(dot)com>
To: Naoya Anzai <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp>
Cc: Asif Naeem <asif(dot)naeem(at)enterprisedb(dot)com>, Dave Page <dpage(at)pgadmin(dot)org>, Asif Naeem <anaeem(dot)it(at)gmail(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, Akio Iwaasa <iwaasa(at)mxs(dot)nes(dot)nec(dot)co(dot)jp>
Subject: Re: PostgreSQL Service on Windows does not start. ~ "is not a valid Win32 application"
Date: 2013-10-29 06:20:23
Message-ID: CANFyU94CCb17AryoEBvYfnVDrJ2ZUdWyw-DyEjM2m+6G8M15JA@mail.gmail.com
Lists: pgsql-hackers

Hi Naoya

I think you should change the subject line to "Unquoted service path
containing space is vulnerable and can be exploited on Windows" to get
attention. :)

BTW, in your case, the file "Program" should be an exe and not just any
other file to exploit this vulnerability. Right?

On Tue, Oct 29, 2013 at 11:34 AM, Naoya Anzai <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp> wrote:

> Hi,Sandeep
>
> Thanks.
>
> Sorry, There was a mistake in what I said.
>
> I said
> > Not only "pg_ctl.exe" but "postgres.exe" also have the same
> problem.
> but, to say it correctly,
>
> "postgres.exe" does not have the problem.
> Source that contains the problem is only "pg_ctl.c".
>
> > So, this is not an installer issue. Is this bug raised to the PostgreSQL
> community? If yes, you should submit the patch there.
> YES, I had submitted there already,But nobody has responded me yet.
>
>
> http://postgresql.1045698.n5.nabble.com/PostgreSQL-Service-on-Windows-does-not-start-td5774206.html
>
> Regards,
> Naoya
>

--
Sandeep Thakkar
Senior Software Engineer

Phone: +91.20.30589505

Website: www.enterprisedb.com
EnterpriseDB Blog: http://blogs.enterprisedb.com/
Follow us on Twitter: http://www.twitter.com/enterprisedb



From: Naoya Anzai <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp>
To: Sandeep Thakkar <sandeep(dot)thakkar(at)enterprisedb(dot)com>
Cc: Asif Naeem <asif(dot)naeem(at)enterprisedb(dot)com>, Dave Page <dpage(at)pgadmin(dot)org>, Asif Naeem <anaeem(dot)it(at)gmail(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, Akio Iwaasa <iwaasa(at)mxs(dot)nes(dot)nec(dot)co(dot)jp>
Subject: Re: PostgreSQL Service on Windows does not start. ~ "is not a valid Win32 application"
Date: 2013-10-29 07:16:58
Message-ID: 116262CF971C844FB6E793F8809B51C6B2CFFF@BPXM02GP.gisp.nec.co.jp
Lists: pgsql-hackers

Hi Sandeep

> I think, you should change the subject line to "Unquoted service path containing space is vulnerable and can be exploited on Windows" to get the attention.. :)
Thank you for the advice!
I'll try to post to pgsql-bugs again.

> BTW, in your case, the file "Program" should be an exe and not just any other file to exploit this vulnerability. Right?
Yes, "Program" is a simple file I made.

Best Regards,
Naoya

> Hi Naoya
>
> I think, you should change the subject line to "Unquoted service path containing space is vulnerable and can be exploited on Windows" to get the attention.. :)
>
> BTW, in your case, the file "Program" should be an exe and not just any other file to exploit this vulnerability. Right?
>
>
> On Tue, Oct 29, 2013 at 11:34 AM, Naoya Anzai <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp> wrote:
>
>
> Hi,Sandeep
>
> Thanks.
>
> Sorry, There was a mistake in what I said.
>
> I said
>
> > Not only "pg_ctl.exe" but "postgres.exe" also have the same problem.
>
> but, to say it correctly,
>
> "postgres.exe" does not have the problem.
> Source that contains the problem is only "pg_ctl.c".
>
>
> > So, this is not an installer issue. Is this bug raised to the PostgreSQL community? If yes, you should submit the patch there.
>
> YES, I had submitted there already,But nobody has responded me yet.
>
> http://postgresql.1045698.n5.nabble.com/PostgreSQL-Service-on-Windows-does-not-start-td5774206.html
>
> Regards,
> Naoya
>
>
> > So, this is not an installer issue. Is this bug raised to the PostgreSQL community? If yes, you should submit the patch there.
> >
> >
> > On Tue, Oct 29, 2013 at 6:23 AM, Naoya Anzai <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp> wrote:
> >
> >
> > Hi, Asif
> >
> > Thank you for providing my patch (pg_ctl.c.patch) to Sandeep on my behalf.
> >
> >
> > > Good finding. I have attached another version of patch (pg_ctl.c_windows_vulnerability.patch) attached that has fewer lines of code changes, can you please take a look ?. Thanks.
> >
> >
> > I think your patch is not sufficient to fix.
> > Not only "pg_ctl.exe" but "postgres.exe" also have the same problem.
> > Even if your patch is attached,
> > A Path of "postgres.exe" passed to CreateRestrictedProcess is not enclosed in quotation.(See pgwin32_ServiceMain at pg_ctl.c)
> >
> > So, processing enclosed in quotation should do in both conditions.
> >
> >
> > Regards,
> > Naoya
> >
> > ---
> > Naoya Anzai
> > Engineering Department
> > NEC Soft, Ltd.
> > E-Mail: anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp
> > ---
> >
> >
> > > Hi Sandeep,
> > >
> > > PFA Naoya's patch (pg_ctl.c.patch).
> > >
> > > Hi Naoya,
> > >
> > > Good finding. I have attached another version of patch (pg_ctl.c_windows_vulnerability.patch) attached that has fewer lines of code changes, can you please take a look ?. Thanks.
> > >
> > > Best Regards,
> > > Asif Naeem
> > >
> > >
> > > On Mon, Oct 28, 2013 at 4:46 PM, Sandeep Thakkar <sandeep(dot)thakkar(at)enterprisedb(dot)com> wrote:
> > >
> > >
> > > Hi Dave
> > >
> > > We register the service using pg_ctl. When I manually executed the following on the command prompt, I saw that the service path of the registered service did not have the pg_ctl.exe path in quotes. May be it should be handled in the pg_ctl code.
> > >
> > > c:\Users\Sandeep Thakkar\Documents>"c:\Program Files\PostgreSQL\9.3\bin\pg_ctl.e
> > > xe" register -N "pg-9.3" -U "NT AUTHORITY\NetworkService" -D "c:\Program Files\P
> > > ostgreSQL\9.3\data" -w
> > >
> > > Naoya, I could not find your patch here. Can you please share it again?
> > >
> > >
> > >
> > > On Mon, Oct 28, 2013 at 2:53 PM, Dave Page <dpage(at)pgadmin(dot)org> wrote:
> > >
> > >
> > > Sandeep, can you look at this please? Thanks.
> > >
> > > On Mon, Oct 28, 2013 at 8:18 AM, Asif Naeem <anaeem(dot)it(at)gmail(dot)com> wrote:
> > > > It is related to windows unquoted service path vulnerability in the the
> > > > installer that creates service path without quotes that make service.exe to
> > > > look for undesirable path for executable.
> > > >
> > > > postgresql-9.3 service path : C:/Users/asif/Desktop/Program
> > > > files/9.3/bin/pg_ctl.exe runservice -N "postgresql-9.3" -D
> > > > "C:/Users/asif/Desktop/Program files/9.3/data" -w
> > > >
> > > > service.exe
> > > >>
> > > >> C:\Users\asif\Desktop\Program NAME NOT FOUND
> > > >> C:\Users\asif\Desktop\Program.exe NAME NOT FOUND
> > > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe ACCESS DENIED
> > > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe ACCESS DENIED
> > > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice NAME
> > > >> NOT FOUND
> > > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice.exe
> > > >> NAME NOT FOUND
> > > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> > > >> NAME NOT FOUND
> > > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N.exe
> > > >> NAME NOT FOUND
> > > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> > > >> "postgresql-9.3" NAME INVALID
> > > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> > > >> "postgresql-9.3".exe NAME INVALID
> > > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> > > >> "postgresql-9.3" -D NAME INVALID
> > > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> > > >> "postgresql-9.3" -D.exe NAME INVALID
> > > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> > > >> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program NAME INVALID
> > > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> > > >> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program.exe NAME INVALID
> > > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> > > >> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program files\9.3\data" NAME
> > > >> INVALID
> > > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> > > >> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program files\9.3\data".exe
> > > >> NAME INVALID
> > > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> > > >> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program files\9.3\data" -w
> > > >> NAME INVALID
> > > >> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> > > >> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program files\9.3\data" -w.exe
> > > >> NAME INVALID
> > > >
> > > >
> > > > Fix :
> > > >
> > > > postgresql-9.3 service path : "C:/Users/asif/Desktop/Program
> > > > files/9.3/bin/pg_ctl.exe" runservice -N "postgresql-9.3" -D
> > > > "C:/Users/asif/Desktop/Program files/9.3/data" -w
> > > >
> > > > It would be good if this is reported on pg installer forum or security
> > > > forum. Thanks.
> > > >
> > > > Regards,
> > > > Asif Naeem
> > > >
> > > > On Mon, Oct 28, 2013 at 12:06 PM, Naoya Anzai
> > > > <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp> wrote:
> > > >>
> > > >> Hi, Asif.
> > > >>
> > > >> Thank you for response.
> > > >>
> > > >>
> > > >> > C:\Users\asif\Desktop\Program files\9.3>"bin\pg_ctl" -D
> > > >> > "C:\Users\asif\Desktop\Program files\9.3\data1" -l logfile start
> > > >> > server starting
> > > >>
> > > >> This failure does not occur by the command line.
> > > >> PostgreSQL needs to start by Windows Service.
> > > >>
> > > >> Additionally,In this case,
> > > >> A file "Program" needs to be exist at "C:\Users\asif\Desktop\", and
> > > >> "postgres.exe" needs to be exist at "C:\Users\asif\Desktop\Program
> > > >> files\9.3\bin".
> > > >> ------------
> > > >> C:\Users\asif\Desktop\Program files\9.3\bin>dir
> > > >> ...
> > > >> 4,435,456 postgres.exe
> > > >> 80,896 pg_ctl.exe
> > > >> ...
> > > >>
> > > >> C:\Users\asif\Desktopp>dir
> > > >> ...
> > > >> 0 Program
> > > >> <DIR> Program files
> > > >> ...
> > > >> ------------
> > > >>
> > > >> Regards,
> > > >> Naoya
> > > >>
> > > >> > Hi Naoya,
> > > >> >
> > > >> > I am not able to reproduce the problem. Do you mean pg windows service
> > > >> > installed by installer is not working or bin\pg_ctl binary is not accepting
> > > >> > spaces in the patch ?. Following worked for me i.e.
> > > >> >
> > > >> >
> > > >> > C:\Users\asif\Desktop\Program files\9.3>"bin\pg_ctl" -D
> > > >> > "C:\Users\asif\Desktop\Program files\9.3\data1" -l logfile start
> > > >> > server starting
> > > >> >
> > > >> >
> > > >> > Can you please share the exact steps ?. Thanks.
> > > >> >
> > > >> >
> > > >> > Regards,
> > > >> > Muhammad Asif Naeem
> > > >> >
> > > >> >
> > > >> >
> > > >> > On Mon, Oct 28, 2013 at 10:26 AM, Naoya Anzai
> > > >> > <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp> wrote:
> > > >> >
> > > >> >
> > > >> > Hi All,
> > > >> >
> > > >> > I have found a case that PostgreSQL Service does not start.
> > > >> > When it happens, the following error appears.
> > > >> >
> > > >> > "is not a valid Win32 application"
> > > >> >
> > > >> > This failure occurs when the following conditions are true.
> > > >> >
> > > >> > 1. There is "postgres.exe" in any directory that contains a space,
> > > >> > such as "Program Files".
> > > >> >
> > > >> > e.g.)
> > > >> > C:\Program Files\PostgreSQL\bin\postgres.exe
> > > >> >
> > > >> > 2. A file using the first white space-delimited
> > > >> > tokens of that directory as the file name exists,
> > > >> > and there is it in the same hierarchy.
> > > >> >
> > > >> > e.g.)
> > > >> > C:\Program //file
> > > >> >
> > > >> > "pg_ctl.exe" as PostgreSQL Service creates a postgres
> > > >> > process using an absolute path which indicates the
> > > >> > location of "postgres.exe",but the path is not enclosed
> > > >> > in quotation.
> > > >> >
> > > >> > Therefore,if the above-mentioned conditions are true,
> > > >> > CreateProcessAsUser(a Windows Function called by pg_ctl.exe)
> > > >> > tries to create a process using the other file such
> > > >> > as "Program", so the service fails to start.
> > > >> >
> > > >> > Accordingly, I think that the command path should be
> > > >> > enclosed in quotation.
> > > >> >
> > > >> > I created a patch to fix this failure,
> > > >> > So could anyone confirm?
> > > >> >
> > > >> > Regards,
> > > >> >
> > > >> > Naoya
> > > >> >
> > > >> > ---
> > > >> > Naoya Anzai
> > > >> > Engineering Department
> > > >> > NEC Soft, Ltd.
> > > >> > E-Mail: anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp
> > > >> > ---
> > > >> >
> > > >> >
> > > >> > --
> > > >> > Sent via pgsql-hackers mailing list (pgsql-hackers(at)postgresql(dot)org)
> > > >> > To make changes to your subscription:
> > > >> > http://www.postgresql.org/mailpref/pgsql-hackers
> > > >> >
> > > >> >
> > > >> >
> > > >> >
> > > >> >>
> > >
> > >
> >
> > > --
> > > Dave Page
> > > Blog: http://pgsnake.blogspot.com
> > > Twitter: @pgsnake
> > >
> > > EnterpriseDB UK: http://www.enterprisedb.com
> > > The Enterprise PostgreSQL Company
> > >
> > >
> > >
> > >
> > >
> > > --
> > >
> > > Sandeep Thakkar
> > > Senior Software Engineer
> > >
> > >
> >
> > > Phone: +91.20.30589505
> >
> > >
> > > Website: www.enterprisedb.com
> > > EnterpriseDB Blog: http://blogs.enterprisedb.com/
> > > Follow us on Twitter: http://www.twitter.com/enterprisedb
> > >
> > >
> > >
> > >
> > >
> > >
> >
> >
> >
> >
> >
> >
> >
> >
> > --
> >
> > Sandeep Thakkar
> > Senior Software Engineer
>
>
> >
> > Phone: +91.20.30589505
> >
> > Website: www.enterprisedb.com
> > EnterpriseDB Blog: http://blogs.enterprisedb.com/
> > Follow us on Twitter: http://www.twitter.com/enterprisedb
> >
> >
> >
>
>
> Regards,
>
> Naoya
>
> ---
> Naoya Anzai
> Engineering Department
> NEC Soft, Ltd.
> E-Mail: anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp
> ---
>
>
>
>
>
>
>
>
> --
>
> Sandeep Thakkar
> Senior Software Engineer
>
> Phone: +91.20.30589505
>
> Website: www.enterprisedb.com
> EnterpriseDB Blog: http://blogs.enterprisedb.com/
> Follow us on Twitter: http://www.twitter.com/enterprisedb
>
>

Regards,

Naoya

---
Naoya Anzai
Engineering Department
NEC Soft, Ltd.
E-Mail: anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp
---


From: Amit Kapila <amit(dot)kapila16(at)gmail(dot)com>
To: Naoya Anzai <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp>
Cc: Sandeep Thakkar <sandeep(dot)thakkar(at)enterprisedb(dot)com>, Asif Naeem <asif(dot)naeem(at)enterprisedb(dot)com>, Dave Page <dpage(at)pgadmin(dot)org>, Asif Naeem <anaeem(dot)it(at)gmail(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, Akio Iwaasa <iwaasa(at)mxs(dot)nes(dot)nec(dot)co(dot)jp>
Subject: Re: PostgreSQL Service on Windows does not start. ~ "is not a valid Win32 application"
Date: 2013-10-31 05:17:53
Message-ID: CAA4eK1+YdWP7u+L4ZQ2o23OmWXdT69wGXTCB_xbf0Sy-jDNg9A@mail.gmail.com
Lists: pgsql-hackers

On Tue, Oct 29, 2013 at 12:46 PM, Naoya Anzai
<anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp> wrote:
> Hi Sandeep
>
>> I think, you should change the subject line to "Unquoted service path containing space is vulnerable and can be exploited on Windows" to get the attention.. :)
> Thank you for advice!
> I'll try to post to pgsql-bugs again.

I could also reproduce this issue. The situation is very rare such
that an "exe" with name same as first part of directory should exist
in installation path.
I suggest you can post your patch in next commit fest.

With Regards,
Amit Kapila.
EnterpriseDB: http://www.enterprisedb.com


From: Asif Naeem <anaeem(dot)it(at)gmail(dot)com>
To: Amit Kapila <amit(dot)kapila16(at)gmail(dot)com>
Cc: Naoya Anzai <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp>, Sandeep Thakkar <sandeep(dot)thakkar(at)enterprisedb(dot)com>, Asif Naeem <asif(dot)naeem(at)enterprisedb(dot)com>, Dave Page <dpage(at)pgadmin(dot)org>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, Akio Iwaasa <iwaasa(at)mxs(dot)nes(dot)nec(dot)co(dot)jp>
Subject: Re: PostgreSQL Service on Windows does not start. ~ "is not a valid Win32 application"
Date: 2013-10-31 05:44:16
Message-ID: CAEB4t-O-Y3x2NdX5kXscQf-qxTtSGwgW6_Py4UY5xtc0BYh1FQ@mail.gmail.com
Lists: pgsql-hackers

On Thu, Oct 31, 2013 at 10:17 AM, Amit Kapila <amit(dot)kapila16(at)gmail(dot)com> wrote:

> On Tue, Oct 29, 2013 at 12:46 PM, Naoya Anzai
> <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp> wrote:
> > Hi Sandeep
> >
> >> I think, you should change the subject line to "Unquoted service path
> containing space is vulnerable and can be exploited on Windows" to get the
> attention.. :)
> > Thank you for advice!
> > I'll try to post to pgsql-bugs again.
>
> I could also reproduce this issue. The situation is very rare such
> that an "exe" with name same as first part of directory should exist
> in installation path.
>

I believe it is a security risk with bigger impact as it is related to
Windows environment and as installers rely on it.

> I suggest you can post your patch in next commit fest.

Yes. Are vulnerabilities/security risks not taken care of on a more urgent
basis?

> With Regards,
> Amit Kapila.
> EnterpriseDB: http://www.enterprisedb.com
>


From: Sandeep Thakkar <sandeep(dot)thakkar(at)enterprisedb(dot)com>
To: Asif Naeem <anaeem(dot)it(at)gmail(dot)com>
Cc: Amit Kapila <amit(dot)kapila16(at)gmail(dot)com>, Naoya Anzai <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp>, Asif Naeem <asif(dot)naeem(at)enterprisedb(dot)com>, Dave Page <dpage(at)pgadmin(dot)org>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, Akio Iwaasa <iwaasa(at)mxs(dot)nes(dot)nec(dot)co(dot)jp>
Subject: Re: PostgreSQL Service on Windows does not start. ~ "is not a valid Win32 application"
Date: 2013-10-31 06:36:53
Message-ID: CANFyU941Qmj4qC0u492hHGAeemMVGHSz5pjfOQo5o5jab3=3dg@mail.gmail.com
Lists: pgsql-hackers

Services are started with the system privileges. If somebody is able to
place that .exe in the specified directory, then it will be executed on
service start. So, yes, I too agree with Asif that it is an important issue
and should be fixed in the code at the earliest.

On Thu, Oct 31, 2013 at 11:14 AM, Asif Naeem <anaeem(dot)it(at)gmail(dot)com> wrote:

> On Thu, Oct 31, 2013 at 10:17 AM, Amit Kapila <amit(dot)kapila16(at)gmail(dot)com> wrote:
>
>> On Tue, Oct 29, 2013 at 12:46 PM, Naoya Anzai
>> <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp> wrote:
>> > Hi Sandeep
>> >
>> >> I think, you should change the subject line to "Unquoted service path
>> containing space is vulnerable and can be exploited on Windows" to get the
>> attention.. :)
>> > Thank you for advice!
>> > I'll try to post to pgsql-bugs again.
>>
>> I could also reproduce this issue. The situation is very rare such
>> that an "exe" with name same as first part of directory should exist
>> in installation path.
>>
>
> I believe it is a security risk with bigger impact as it is related to
> Windows environment and as installers rely on it.
>
>
>> I suggest you can post your patch in next commit fest.
>
>
> Yes. Are not vulnerabilities/security risk's taken care of more urgent
> bases ?
>
>
>> With Regards,
>> Amit Kapila.
>> EnterpriseDB: http://www.enterprisedb.com
>>
>
>

--
Sandeep Thakkar

Phone: +91.20.30589505

Website: www.enterprisedb.com
EnterpriseDB Blog: http://blogs.enterprisedb.com/
Follow us on Twitter: http://www.twitter.com/enterprisedb
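
The path probing discussed in this thread can be turned into an audit check. The following is an added example, not part of any message or of pg_ctl: `shadow_candidates` and `exe_end` are hypothetical names, and locating the executable by its first `.exe` token is a heuristic assumption. For an unquoted service path it lists every shorter file name that is probed before the intended executable (the thread's trace shows each is also tried with `.exe` appended), which are the locations that must not exist or be writable by unprivileged users.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_CANDIDATES 16
#define MAX_PATH_LEN   260

/* Index just past the first ".exe" that ends a token (followed by end of
 * string, a space or a quote), or -1 if there is none. Heuristic only. */
static int exe_end(const char *s)
{
    size_t n = strlen(s);

    for (size_t i = 0; i + 4 <= n; i++)
    {
        if (s[i] == '.' &&
            tolower((unsigned char) s[i + 1]) == 'e' &&
            tolower((unsigned char) s[i + 2]) == 'x' &&
            tolower((unsigned char) s[i + 3]) == 'e' &&
            (s[i + 4] == '\0' || s[i + 4] == ' ' || s[i + 4] == '"'))
            return (int) (i + 4);
    }
    return -1;
}

/* Fill out[] with the prefixes of an unquoted service path that end at a
 * space inside the executable path. Returns how many were found; 0 means
 * the path is quoted or contains no space, so it is unambiguous. */
int shadow_candidates(const char *image_path,
                      char out[][MAX_PATH_LEN], int max_out)
{
    int end, count = 0;

    while (*image_path == ' ')
        image_path++;
    if (*image_path == '"')
        return 0;               /* quoted: executable name is explicit */
    end = exe_end(image_path);
    if (end < 0)
        return 0;               /* no recognizable executable token */
    for (int i = 1; i < end && count < max_out; i++)
    {
        /* a candidate ends at the first space of each run of spaces */
        if (image_path[i] != ' ' || image_path[i - 1] == ' ')
            continue;
        if (i >= MAX_PATH_LEN)
            break;
        memcpy(out[count], image_path, (size_t) i);
        out[count][i] = '\0';
        count++;
    }
    return count;
}

int main(void)
{
    /* Service paths quoted in the thread: before and after the fix. */
    const char *before =
        "C:/Users/asif/Desktop/Program files/9.3/bin/pg_ctl.exe runservice "
        "-N \"postgresql-9.3\" -D \"C:/Users/asif/Desktop/Program files/9.3/data\" -w";
    const char *after =
        "\"C:/Users/asif/Desktop/Program files/9.3/bin/pg_ctl.exe\" runservice "
        "-N \"postgresql-9.3\" -D \"C:/Users/asif/Desktop/Program files/9.3/data\" -w";
    char found[MAX_CANDIDATES][MAX_PATH_LEN];
    int n = shadow_candidates(before, found, MAX_CANDIDATES);

    for (int i = 0; i < n; i++)
        printf("unquoted path also probes: %s\n", found[i]);
    printf("quoted path: %d extra candidates\n",
           shadow_candidates(after, found, MAX_CANDIDATES));
    return 0;
}
```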


From: Robert Haas <robertmhaas(at)gmail(dot)com>
To: Asif Naeem <anaeem(dot)it(at)gmail(dot)com>
Cc: Amit Kapila <amit(dot)kapila16(at)gmail(dot)com>, Naoya Anzai <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp>, Sandeep Thakkar <sandeep(dot)thakkar(at)enterprisedb(dot)com>, Asif Naeem <asif(dot)naeem(at)enterprisedb(dot)com>, Dave Page <dpage(at)pgadmin(dot)org>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, Akio Iwaasa <iwaasa(at)mxs(dot)nes(dot)nec(dot)co(dot)jp>
Subject: Re: PostgreSQL Service on Windows does not start. ~ "is not a valid Win32 application"
Date: 2013-10-31 12:12:48
Message-ID: CA+TgmoZBF4+o33xMy=5mq_2OamdFY7hauhFo3sm406eUgGb2FQ@mail.gmail.com
Lists: pgsql-hackers

On Thu, Oct 31, 2013 at 1:44 AM, Asif Naeem <anaeem(dot)it(at)gmail(dot)com> wrote:
> On Thu, Oct 31, 2013 at 10:17 AM, Amit Kapila <amit(dot)kapila16(at)gmail(dot)com>
> wrote:
>>
>> On Tue, Oct 29, 2013 at 12:46 PM, Naoya Anzai
>> <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp> wrote:
>> > Hi Sandeep
>> >
>> >> I think, you should change the subject line to "Unquoted service path
>> >> containing space is vulnerable and can be exploited on Windows" to get the
>> >> attention.. :)
>> > Thank you for advice!
>> > I'll try to post to pgsql-bugs again.
>>
>> I could also reproduce this issue. The situation is very rare such
>> that an "exe" with name same as first part of directory should exist
>> in installation path.
>
>
> I believe it is a security risk with bigger impact as it is related to
> Windows environment and as installers rely on it.
>
>>
>> I suggest you can post your patch in next commit fest.
>
>
> Yes. Are not vulnerabilities/security risk's taken care of more urgent bases
> ?

If one of the committers who is knowledgeable about Windows has time
to apply this *before* the next CommitFest, that's obviously great.
But the purpose of adding a link to the next CommitFest is to provide
a backstop, so that we're not relying solely on someone to notice this
email thread and pick it up, but instead have the patch as part of a
list of patches needing review.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company


From: Amit Kapila <amit(dot)kapila16(at)gmail(dot)com>
To: Robert Haas <robertmhaas(at)gmail(dot)com>
Cc: Asif Naeem <anaeem(dot)it(at)gmail(dot)com>, Naoya Anzai <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp>, Sandeep Thakkar <sandeep(dot)thakkar(at)enterprisedb(dot)com>, Asif Naeem <asif(dot)naeem(at)enterprisedb(dot)com>, Dave Page <dpage(at)pgadmin(dot)org>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, Akio Iwaasa <iwaasa(at)mxs(dot)nes(dot)nec(dot)co(dot)jp>
Subject: Re: PostgreSQL Service on Windows does not start. ~ "is not a valid Win32 application"
Date: 2013-11-10 05:41:25
Message-ID: CAA4eK1J1ayyQYdrJri_KV48Q_EbrwzqQcGGvnRrGPoBT97h35g@mail.gmail.com
Lists: pgsql-hackers

Hi Naoya,

On Thu, Oct 31, 2013 at 5:42 PM, Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
> On Thu, Oct 31, 2013 at 1:44 AM, Asif Naeem <anaeem(dot)it(at)gmail(dot)com> wrote:
>> On Thu, Oct 31, 2013 at 10:17 AM, Amit Kapila <amit(dot)kapila16(at)gmail(dot)com>
>> wrote:
>>>
>>> On Tue, Oct 29, 2013 at 12:46 PM, Naoya Anzai
>>> <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp> wrote:
>>> > Hi Sandeep
>>> >
>>> >> I think, you should change the subject line to "Unquoted service path
>>> >> containing space is vulnerable and can be exploited on Windows" to get the
>>> >> attention.. :)
>>> > Thank you for advice!
>>> > I'll try to post to pgsql-bugs again.
>>>
>>> I could also reproduce this issue. The situation is very rare such
>>> that an "exe" with name same as first part of directory should exist
>>> in installation path.
>>
>
> If one of the committers who is knowledgeable about Windows has time
> to apply this *before* the next CommitFest, that's obviously great.
> But the purpose of adding a link to the next CommitFest is to provide
> a backstop, so that we're not relying solely on someone to notice this
> email thread and pick it up, but instead have the patch as part of a
> list of patches needing review.

I have uploaded your patch for next commit fest, hope you can support
it if there is any feedback for your patch by reviewer/committer.

With Regards,
Amit Kapila.
EnterpriseDB: http://www.enterprisedb.com


From: Naoya Anzai <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp>
To: Amit Kapila <amit(dot)kapila16(at)gmail(dot)com>
Cc: Robert Haas <robertmhaas(at)gmail(dot)com>, Asif Naeem <anaeem(dot)it(at)gmail(dot)com>, Sandeep Thakkar <sandeep(dot)thakkar(at)enterprisedb(dot)com>, Asif Naeem <asif(dot)naeem(at)enterprisedb(dot)com>, Dave Page <dpage(at)pgadmin(dot)org>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, Akio Iwaasa <iwaasa(at)mxs(dot)nes(dot)nec(dot)co(dot)jp>
Subject: Re: PostgreSQL Service on Windows does not start. ~ "is not a valid Win32 application"
Date: 2013-11-11 04:14:04
Message-ID: 116262CF971C844FB6E793F8809B51C6B3352D@BPXM02GP.gisp.nec.co.jp
Lists: pgsql-hackers

Hi Amit,

> I have uploaded your patch for next commit fest, hope you can support
> it if there is any feedback for your patch by reviewer/committer.
Thanks! Okay, I will support you.

Best Regards,
Naoya

> Hi Naoya,
>
> On Thu, Oct 31, 2013 at 5:42 PM, Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
> > On Thu, Oct 31, 2013 at 1:44 AM, Asif Naeem <anaeem(dot)it(at)gmail(dot)com> wrote:
> >> On Thu, Oct 31, 2013 at 10:17 AM, Amit Kapila <amit(dot)kapila16(at)gmail(dot)com>
> >> wrote:
> >>>
> >>> On Tue, Oct 29, 2013 at 12:46 PM, Naoya Anzai
> >>> <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp> wrote:
> >>> > Hi Sandeep
> >>> >
> >>> >> I think, you should change the subject line to "Unquoted service path
> >>> >> containing space is vulnerable and can be exploited on Windows" to get the
> >>> >> attention.. :)
> >>> > Thank you for advice!
> >>> > I'll try to post to pgsql-bugs again.
> >>>
> >>> I could also reproduce this issue. The situation is very rare such
> >>> that an "exe" with name same as first part of directory should exist
> >>> in installation path.
> >>
> >
> > If one of the committers who is knowledgeable about Windows has time
> > to apply this *before* the next CommitFest, that's obviously great.
> > But the purpose of adding a link to the next CommitFest is to provide
> > a backstop, so that we're not relying solely on someone to notice this
> > email thread and pick it up, but instead have the patch as part of a
> > list of patches needing review.
>
> I have uploaded your patch for next commit fest, hope you can support
> it if there is any feedback for your patch by reviewer/committer.
>
> With Regards,
> Amit Kapila.
> EnterpriseDB: http://www.enterprisedb.com
>
>

Regards,

Naoya

---
Naoya Anzai
Engineering Department
NEC Soft, Ltd.
E-Mail: anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp
---


From: Rajeev rastogi <rajeev(dot)rastogi(at)huawei(dot)com>
To: Naoya Anzai <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp>
Cc: "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: PostgreSQL Service on Windows does not start. ~ "is not a valid Win32 application"
Date: 2013-11-20 06:20:43
Message-ID: BF2827DCCE55594C8D7A8F7FFD3AB7713DDAC41E@SZXEML508-MBX.china.huawei.com
Lists: pgsql-hackers

On 11 November 2013, Naoya Anzai wrote:

> Hi Amit,
>
> > I have uploaded your patch for next commit fest, hope you can support
> > it if there is any feedback for your patch by reviewer/committer.
> Thanks! Okay, I will support you.

1. Patch applies cleanly to master HEAD.
2. No Compilation Warning.
3. It works as per the patch expectation.

One suggestion:
Instead of using sizeof(cmdLine),
a. Can't we use strlen (hence small 'for' loop).
b. Or use memmove to move one byte.

Thanks and Regards,
Kumar Rajeev Rastogi


From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Rajeev rastogi <rajeev(dot)rastogi(at)huawei(dot)com>
Cc: Naoya Anzai <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: PostgreSQL Service on Windows does not start. ~ "is not a valid Win32 application"
Date: 2013-11-24 02:39:05
Message-ID: 4415.1385260745@sss.pgh.pa.us
Lists: pgsql-hackers

Rajeev rastogi <rajeev(dot)rastogi(at)huawei(dot)com> writes:
> One suggestion:
> Instead of using sizeof(cmdLine),
> a. Can't we use strlen (hence small 'for' loop).
> b. Or use memmove to move one byte.

I looked at this patch a bit. I agree that we need to fix
pgwin32_CommandLine to double-quote the executable name, but it needs a
great deal more work than that :-(. Whoever wrote this code was
apparently unacquainted with the concept of buffer overrun. It's not
going to be hard at all to crash pg_ctl with overlength arguments. I'm
not sure that that amounts to a security bug, but it's certainly bad.

After some thought it seems like the most future-proof fix is to not
use a fixed-length buffer for the command string at all. The attached
revised patch switches it over to using a PQExpBuffer instead, which is
pretty much free since we're relying on libpq anyway in this program.
(We still use a fixed-length buffer for the program path, which is OK
because that's what find_my_exec and find_other_exec expect.)

In addition, I fixed it to append .exe in both cases not just the one.

I'm not in a position to actually test this, but it does compile
without warnings.

regards, tom lane

Attachment Content-Type Size
fix-pgwin32_CommandLine-2.patch text/x-diff 4.5 KB

From: Christian Ullrich <chris(at)chrullrich(dot)net>
To: pgsql-hackers(at)postgresql(dot)org
Subject: Re: PostgreSQL Service on Windows does not start. ~ "is not a valid Win32 application"
Date: 2013-11-25 08:42:54
Message-ID: l6v2i3$32a$1@ger.gmane.org
Lists: pgsql-hackers

* Tom Lane wrote:

> I looked at this patch a bit. I agree that we need to fix
> pgwin32_CommandLine to double-quote the executable name, but it needs a
> great deal more work than that :-(. Whoever wrote this code was

One additional issue is that the path to the service executable should
use backslashes exclusively. Currently, the last directory separator in
the service command line (the one before "pg_ctl.exe") is a forward
slash. I recently had trouble with Symantec Backup Exec (not sure which
versions are affected); it fails to do system state backups when a
service registered using pg_ctl is present on the system.

See <http://www.symantec.com/docs/TECH144413> for the same issue
involving a different service.

The EDB installer does not cause that problem, although I don't know if
that is because it does not use pg_ctl to register the service or
because it fixes the path afterwards.

--
Christian
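
Tom Lane's two points above (double-quote the executable name, and do not build the command string in a fixed-length buffer) and Christian Ullrich's point about backslashes in the executable path can be shown together. This is an added example, not the attached patch and not pg_ctl's code: `StrBuf` is a hypothetical stand-in for PQExpBuffer, and `build_service_cmdline` with its parameters is an assumption made for illustration.

```c
#include <ctype.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Growable string; a small stand-in for libpq's PQExpBuffer. */
typedef struct { char *data; size_t len, cap; } StrBuf;

/* Append formatted text, growing the buffer as needed. 0 on success. */
static int sb_appendf(StrBuf *sb, const char *fmt, ...)
{
    va_list ap;
    int     need;

    va_start(ap, fmt);
    need = vsnprintf(NULL, 0, fmt, ap);     /* measure first */
    va_end(ap);
    if (need < 0)
        return -1;
    if (sb->len + (size_t) need + 1 > sb->cap)
    {
        size_t ncap = sb->cap ? sb->cap : 64;
        char  *p;

        while (ncap < sb->len + (size_t) need + 1)
            ncap *= 2;
        if ((p = realloc(sb->data, ncap)) == NULL)
            return -1;
        sb->data = p;
        sb->cap = ncap;
    }
    va_start(ap, fmt);
    vsnprintf(sb->data + sb->len, sb->cap - sb->len, fmt, ap);
    va_end(ap);
    sb->len += (size_t) need;
    return 0;
}

static int has_exe_suffix(const char *p)
{
    size_t n = strlen(p);

    return n >= 4 && p[n - 4] == '.' &&
        tolower((unsigned char) p[n - 3]) == 'e' &&
        tolower((unsigned char) p[n - 2]) == 'x' &&
        tolower((unsigned char) p[n - 1]) == 'e';
}

/* Build: "<exe>" runservice [-N "<name>"] [-D "<datadir>"]
 * Returns a malloc'd string the caller frees, or NULL on bad input or
 * out of memory. Windows file names cannot contain '"', so any input
 * carrying one is rejected rather than escaped. */
char *build_service_cmdline(const char *exe_path, const char *service_name,
                            const char *data_dir)
{
    StrBuf sb = {NULL, 0, 0};
    int    rc = 0;

    if (!exe_path || !*exe_path || strchr(exe_path, '"') ||
        (service_name && strchr(service_name, '"')) ||
        (data_dir && strchr(data_dir, '"')))
        return NULL;

    /* Quoted executable, with ".exe" appended when it is missing. */
    rc |= sb_appendf(&sb, "\"%s%s\"", exe_path,
                     has_exe_suffix(exe_path) ? "" : ".exe");
    /* Only the executable path is in the buffer so far: use backslashes. */
    for (size_t i = 0; rc == 0 && i < sb.len; i++)
        if (sb.data[i] == '/')
            sb.data[i] = '\\';
    rc |= sb_appendf(&sb, " runservice");
    if (service_name)
        rc |= sb_appendf(&sb, " -N \"%s\"", service_name);
    if (data_dir)
        rc |= sb_appendf(&sb, " -D \"%s\"", data_dir);
    if (rc != 0)
    {
        free(sb.data);
        return NULL;
    }
    return sb.data;
}

int main(void)
{
    /* Paths taken from the service path quoted earlier in the thread. */
    char *cmd = build_service_cmdline(
        "C:/Users/asif/Desktop/Program files/9.3/bin/pg_ctl",
        "postgresql-9.3", "C:/Users/asif/Desktop/Program files/9.3/data");

    if (cmd)
        puts(cmd);
    free(cmd);
    return 0;
}
```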


From: Rajeev rastogi <rajeev(dot)rastogi(at)huawei(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Naoya Anzai <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp>
Cc: "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: PostgreSQL Service on Windows does not start. ~ "is not a valid Win32 application"
Date: 2013-11-25 13:37:17
Message-ID: BF2827DCCE55594C8D7A8F7FFD3AB7713DDAD798@SZXEML508-MBX.china.huawei.com
Lists: pgsql-hackers

On 24 November 2013, Tom Lane Wrote:
> > One suggestion:
> > Instead of using sizeof(cmdLine),
> > a. Can't we use strlen (hence small 'for' loop).
> > b. Or use memmove to move one byte.
>
> I looked at this patch a bit. I agree that we need to fix
> pgwin32_CommandLine to double-quote the executable name, but it needs a
> great deal more work than that :-(. Whoever wrote this code was
> apparently unacquainted with the concept of buffer overrun. It's not
> going to be hard at all to crash pg_ctl with overlength arguments. I'm
> not sure that that amounts to a security bug, but it's certainly bad.
>
> After some thought it seems like the most future-proof fix is to not
> use a fixed-length buffer for the command string at all. The attached
> revised patch switches it over to using a PQExpBuffer instead, which is
> pretty much free since we're relying on libpq anyway in this program.
> (We still use a fixed-length buffer for the program path, which is OK
> because that's what find_my_exec and find_other_exec expect.)
>
> In addition, I fixed it to append .exe in both cases not just the one.
>
> I'm not in a position to actually test this, but it does compile
> without warnings.

I tested the latest patch. My observation is:
If we give relative data directory path while registering the service, then service start fails.
But same works if the data directory is absolute path.

Looks like an existing issue. Maybe we need to internally convert relative data path to absolute.

Thanks and Regards,
Kumar Rajeev Rastogi


From: Rajeev rastogi <rajeev(dot)rastogi(at)huawei(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Naoya Anzai <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp>
Cc: "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: PostgreSQL Service on Windows does not start. ~ "is not a valid Win32 application"
Date: 2013-11-26 12:09:31
Message-ID: BF2827DCCE55594C8D7A8F7FFD3AB7713DDAE329@SZXEML508-MBX.china.huawei.com
Lists: pgsql-hackers

On 25 November 2013, Rajeev Rastogi Wrote:
> > > One suggestion:
> > > Instead of using sizeof(cmdLine),
> > > a. Can't we use strlen (hence small 'for' loop).
> > > b. Or use memmove to move one byte.
> >
> > I looked at this patch a bit. I agree that we need to fix
> > pgwin32_CommandLine to double-quote the executable name, but it needs
> > a great deal more work than that :-(. Whoever wrote this code was
> > apparently unacquainted with the concept of buffer overrun. It's not
> > going to be hard at all to crash pg_ctl with overlength arguments.
> > I'm not sure that that amounts to a security bug, but it's certainly
> bad.
> >
> > After some thought it seems like the most future-proof fix is to not
> > use a fixed-length buffer for the command string at all. The
> attached
> > revised patch switches it over to using a PQExpBuffer instead, which
> > is pretty much free since we're relying on libpq anyway in this
> program.
> > (We still use a fixed-length buffer for the program path, which is OK
> > because that's what find_my_exec and find_other_exec expect.)
> >
> > In addition, I fixed it to append .exe in both cases not just the one.
> >
> > I'm not in a position to actually test this, but it does compile
> > without warnings.
>
> I tested the latest patch. My observation is:
> If we give relative data directory path while registering the
> service, then service start fails.
> But same works if the data directory is absolute path.
>
> Looks like an existing issue. May be we need to internally
> convert relative data path to absolute.

Since the mentioned issue is an existing issue and not because of this patch,
can we take that as a separate defect and fix it? If so, then I can
move this patch to "ready for committer".

Thanks and Regards,
Kumar Rajeev Rastogi


From: Naoya Anzai <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp>
To: Rajeev rastogi <rajeev(dot)rastogi(at)huawei(dot)com>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, Akio Iwaasa <iwaasa(at)mxs(dot)nes(dot)nec(dot)co(dot)jp>
Subject: Re: PostgreSQL Service on Windows does not start. ~ "is not a valid Win32 application"
Date: 2013-11-27 09:24:12
Message-ID: 116262CF971C844FB6E793F8809B51C6B3FB87@BPXM02GP.gisp.nec.co.jp

Hi, Rajeev

> > I tested the latest patch. My observation is:
> > If we give relative data directory path while registering the
> > service, then service start fails.
> > But same works if the data directory is absolute path.
> >
> > Looks like an existing issue. May be we need to internally
> > convert relative data path to absolute.
>
> Since the mentioned issue is an existing issue and not because of this patch.
> So can we take that as separate defect and fix. If so, then I can
> move this patch to "ready for committer".

I think so too.
When booted as a service, CurrentDirectory seems to be "C:/Windows/system32".
So, you have to set a relative data directory path whose starting point is "C:/Windows/system32".

>
> Thanks and Regards,
> Kumar Rajeev Rastogi
>
>

Regards,

Naoya

---
Naoya Anzai
Engineering Department
NEC Soft, Ltd.
E-Mail: anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp
---


From: Rajeev rastogi <rajeev(dot)rastogi(at)huawei(dot)com>
To: Naoya Anzai <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, Akio Iwaasa <iwaasa(at)mxs(dot)nes(dot)nec(dot)co(dot)jp>
Subject: Re: PostgreSQL Service on Windows does not start. ~ "is not a valid Win32 application"
Date: 2013-11-27 10:42:49
Message-ID: BF2827DCCE55594C8D7A8F7FFD3AB7713DDAE9A1@SZXEML508-MBX.china.huawei.com

On 27 November 2013, Naoya Anzai wrote:
> Hi, Rajeev
>
> > > I tested the latest patch. My observation is:
> > > If we give relative data directory path while registering the
> > > service, then service start fails.
> > > But same works if the data directory is absolute path.
> > >
> > > Looks like an existing issue. May be we need to internally convert
> > > relative data path to absolute.
> >
> > Since the mentioned issue is an existing issue and not because of
> > this patch.
> > So can we take that as separate defect and fix. If so, then I can move
> > this patch to "ready for committer".
>
> I think so too.
> In boot by Service, CurrentDirectory seems to be "C:/Windows/system32".
> So, you have to set a relative data directory path that the starting
> point to be "C:/Windows/system32".
>

OK. Then I am moving it to "ready for committer".


From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Rajeev rastogi <rajeev(dot)rastogi(at)huawei(dot)com>
Cc: Naoya Anzai <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, Akio Iwaasa <iwaasa(at)mxs(dot)nes(dot)nec(dot)co(dot)jp>
Subject: Re: PostgreSQL Service on Windows does not start. ~ "is not a valid Win32 application"
Date: 2013-11-29 23:43:46
Message-ID: 21694.1385768626@sss.pgh.pa.us

Rajeev rastogi <rajeev(dot)rastogi(at)huawei(dot)com> writes:
> OK. Then I am moving it to "ready for committer".

I've committed this patch. I added a make_native_path() call to fix the
slashes-versus-backslashes issue noted by Christian Ullrich, since that
was an easy one-line addition. I didn't do anything about the
relative-path-for-the-data-directory issue. That would take a bit more
code and I'm not certain that we've fully analyzed the implications of
changing it. In any case it seems like a completely separate issue from
getting the executable pathname right.

Thanks for all your work on this! This code's been busted for a long
while ...

regards, tom lane
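
The shape of the fix discussed in this thread, as an added example that is not part of any message and is not the committed pg_ctl code: it double-quotes the executable path, appends ".exe" when missing, converts slashes to backslashes, and sizes the buffer from its inputs instead of using a fixed-length array. The function names are hypothetical, plain malloc stands in for PQExpBuffer, and the argument string is assumed to be already quoted by the caller.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: does the path already end in ".exe" (any case)? */
static int has_exe_suffix(const char *path, size_t n)
{
    return n >= 4 && path[n - 4] == '.' && (path[n - 3] | 0x20) == 'e' &&
           (path[n - 2] | 0x20) == 'x' && (path[n - 1] | 0x20) == 'e';
}

/* Hypothetical helper: build "\"<exe>\" <args>" in a buffer sized from the inputs,
 * so overlength arguments cannot overrun it. Returns a malloc'd string (caller
 * frees), or NULL on allocation failure or a quote inside the path. */
char *build_service_cmdline(const char *exe_path, const char *args)
{
    size_t plen = strlen(exe_path);
    size_t alen = args ? strlen(args) : 0;
    char *buf, *p;

    if (strchr(exe_path, '"') != NULL)
        return NULL;                    /* '"' cannot appear in a Windows path */
    /* quote + path + ".exe" + quote + space + args + NUL */
    buf = p = malloc(1 + plen + 4 + 1 + 1 + alen + 1);
    if (buf == NULL)
        return NULL;
    *p++ = '"';
    for (size_t i = 0; i < plen; i++)   /* native separators: '/' becomes '\' */
        *p++ = (exe_path[i] == '/') ? '\\' : exe_path[i];
    if (!has_exe_suffix(exe_path, plen))
        p = (char *) memcpy(p, ".exe", 4) + 4;
    *p++ = '"';
    if (alen > 0)
    {
        *p++ = ' ';
        p = (char *) memcpy(p, args, alen) + alen;
    }
    *p = '\0';
    return buf;
}

int main(void)
{
    /* Constructed sample input, not taken from the thread's patch. */
    char *cmd = build_service_cmdline("C:/Program Files/PostgreSQL/bin/postgres", "-D C:\\pgdata");
    if (cmd != NULL)
        puts(cmd);
    free(cmd);
    return 0;
}
```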


From: Andrew Dunstan <andrew(at)dunslane(dot)net>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Rajeev rastogi <rajeev(dot)rastogi(at)huawei(dot)com>, Naoya Anzai <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, Akio Iwaasa <iwaasa(at)mxs(dot)nes(dot)nec(dot)co(dot)jp>
Subject: Re: PostgreSQL Service on Windows does not start. ~ "is not a valid Win32 application"
Date: 2013-11-30 00:28:05
Message-ID: 52993115.6070000@dunslane.net


On 11/29/2013 06:43 PM, Tom Lane wrote:
> Rajeev rastogi <rajeev(dot)rastogi(at)huawei(dot)com> writes:
>> OK. Then I am moving it to "ready for committer".
> I've committed this patch. I added a make_native_path() call to fix the
> slashes-versus-backslashes issue noted by Christian Ullrich, since that
> was an easy one-line addition.

I don't mind changing this, but IMNSHO it's not a bug. The program
that's reported to fail with the old use of mixed separators is the one
with the bug. But changing it costs us little.

cheers

andrew


From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Andrew Dunstan <andrew(at)dunslane(dot)net>
Cc: Rajeev rastogi <rajeev(dot)rastogi(at)huawei(dot)com>, Naoya Anzai <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, Akio Iwaasa <iwaasa(at)mxs(dot)nes(dot)nec(dot)co(dot)jp>
Subject: Re: PostgreSQL Service on Windows does not start. ~ "is not a valid Win32 application"
Date: 2013-11-30 00:40:06
Message-ID: 22863.1385772006@sss.pgh.pa.us

Andrew Dunstan <andrew(at)dunslane(dot)net> writes:
> On 11/29/2013 06:43 PM, Tom Lane wrote:
>> I've committed this patch. I added a make_native_path() call to fix the
>> slashes-versus-backslashes issue noted by Christian Ullrich, since that
>> was an easy one-line addition.

> I don't mind changing this, but IMNSHO it's not a bug. The program
> that's reported to fail with the old use of mixed separators is the one
> with the bug. But changing it costs us little.

Yeah, no doubt, but we're certainly swimming against the tide by not
following the platform convention.

regards, tom lane