Services are started with the system privileges. If somebody is able to place that .exe in the specified directory, then it will be executed on service start. So, yes, I too agree with Asif that it is an important issue and should be fixed in the code at the earliest.
On Thu, Oct 31, 2013 at 11:14 AM, Asif Naeem <anaeem...@gmail.com> wrote: > On Thu, Oct 31, 2013 at 10:17 AM, Amit Kapila <amit.kapil...@gmail.com>wrote: > >> On Tue, Oct 29, 2013 at 12:46 PM, Naoya Anzai >> <anzai-na...@mxu.nes.nec.co.jp> wrote: >> > Hi Sandeep >> > >> >> I think, you should change the subject line to "Unquoted service path >> containing space is vulnerable and can be exploited on Windows" to get the >> attention.. :) >> > Thank you for advice! >> > I'll try to post to pgsql-bugs again. >> >> I could also reproduce this issue. The situation is very rare such >> that an "exe" with name same as first part of directory should exist >> in installation path. >> > > I believe it is a security risk with bigger impact as it is related to > Windows environment and as installers rely on it. > > >> I suggest you can post your patch in next commit fest. > > > Yes. Are not vulnerabilities/security risk's taken care of more urgent > bases ? > > >> With Regards, >> Amit Kapila. >> EnterpriseDB: http://www.enterprisedb.com >> > > -- Sandeep Thakkar Phone: +91.20.30589505 Website: www.enterprisedb.com EnterpriseDB Blog: http://blogs.enterprisedb.com/ Follow us on Twitter: http://www.twitter.com/enterprisedb
