Tuesday, September 23, 2008

[HACKERS] 8.3 .4 + Vista + MingW + initdb = ACCESS_DENIED

I'm trying to upgrade my copy of postgresql from 8.2.x to 8.3.4 on a
Windows Vista SP1 laptop. I build postgres using mingw/msys and have had
no issues with 8.1.x and 8.2.x. However, with 8.3.4 I run into problems.

First, building fails:

c:/Development/MingW/bin/../lib/gcc/mingw32/3.4.5/../../../../include/sspi.h:60:

error: syntax error before "SECURITY_STRING"
In file included from
c:/Development/MingW/bin/../lib/gcc/mingw32/3.4.5/../../../../include/security.h:39,
from ../../../../src/include/libpq/libpq-be.h:50,

This also happens from libpq-int.h. The solution in both cases is to
add an additional header file:

#ifdef ENABLE_SSPI
#define SECURITY_WIN32
#include <ntsecapi.h> <------- Add this include
#include <security.h>
#undef SECURITY_WIN32

That fixes the build issue.

Second, once I've successfully built and installed postgres, I run into
a bigger problem. When using initdb, I get this error:

creating template1 database in c:/Data/postgres30/base/1 ... FATAL:
could not create shared memory segment: 5
DETAIL: Failed system call was CreateFileMapping(size=1802240,
name=Global\PostgreSQL:c:/Data/postgres).

A bit of googling and reading MSDN docs shows that applications that
don't run in Session 0 on Vista are not allowed to create shared memory
in the Global namespace. Since initdb is invoked from the command line,
it runs in Session 1.

To get around this, you can give the user running and application the
"Create Global objects" right using the Local Security Policy. Needless
to say I did that without any luck.

I then installed the pre-built binaries for Vista using the official
windows installer. Calling initdb in the same way with the same user works.

With 8.3.x the installer uses binaries built with VC 2005 instead of
mingw - so clearly there are lots of differences. But I'm wondering if
there is some difference in the way security is setup - maybe the
addition of a manifest file to initdb that allows it to create global
shared memory? I also assume it has to do with the way DACLs are setup,
as described in this thread:

http://archives.postgresql.org/pgsql-patches/2008-02/msg00074.php

Or maybe its the way the executables are installed - I see that the
installer makes SYSTEM their owner which of course doesn't happen with
make install on MingW/msys.

So I'm stumped - the same user running initdb built with VC++ works but
running initdb with MingW fails. Any help much appreciated...

Thanks,

Charlie

--
Charlie Savage
http://cfis.savagexi.com

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)