On Saturday 03 January 2009 11:52, Zero3 wrote: > Thomas Sachau skrev: > > Zero3 schrieb: > > > >> Matthew Toseland skrev: > >> > >>> RUNNING AS A DEDICATED USER > >>> ==================== > >>> > >>> At least one user saw his XP login screen changed as a result of Freenet > >>> adding a user to run under. A number of users complained about it, or gave it > >>> as a reason for uninstalling. We have discussed it at length and I really > >>> don't see much alternative on Windows due to permissions problems ... > >>> > >>> > >> Throwing in a question here: What are the reasons for running as our own > >> user compared to LocalService/NetworkService/LocalSystem? What kind of > >> permission problems does the normal service accounts give us (any we > >> can't fix with cacls?). If any at all? Does anyone know? > >> > > > > One reason i can think of: Local System has all rights on windows, so you would run freenet as > > admin/root. One exploit and the attacker has full access to everything. With a seperate restricted > > user, the attacker only gets limited access and has to break another door before he can get in. > > > > I think you are right regarding LocalSystem. toad and Google agrees that > it's the root of root on Windows. > > In IRC, we discussed the security issues vs usability issues by running > as our freenet user compared to LocalService/NetworkService. > > Main concern with the builtin accounts was the fact that if the node was > exploited, the attacker would gain the same access as the user account > the service was started by. However, it seems like both our own freenet > user and the LocalService/NetworkService accounts gets their permissions > from the "Users" groups - e.g. they probably have the same amount of > access right now (besides the extra we hand out). > > Main concern with using our freenet user was the various minor problems > it gives (user annoyances, user popping up at welcome screen (might have > fixed this now) and unkillable process (might be fixable via discussed > service permission commands)). And of course (if you ask me, at least), > it's bad/non-standard practice on Windows and very anti-KISS - e.g. > asking for more problems.
Running it as NetworkService solves the unkillability problem? NetworkService doesn't exist on Windows 2000 Professional, right? Until Microsoft officially discontinues security support for win2k I think we should support it. > > - Zero3 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 827 bytes Desc: not available URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20090105/79a0dbad/attachment.pgp>
