Matthew Toseland skrev: >> I think you are right regarding LocalSystem. toad and Google agrees that >> it's the root of root on Windows. >> >> In IRC, we discussed the security issues vs usability issues by running >> as our freenet user compared to LocalService/NetworkService. >> >> Main concern with the builtin accounts was the fact that if the node was >> exploited, the attacker would gain the same access as the user account >> the service was started by. However, it seems like both our own freenet >> user and the LocalService/NetworkService accounts gets their permissions >> from the "Users" groups - e.g. they probably have the same amount of >> access right now (besides the extra we hand out). >> >> Main concern with using our freenet user was the various minor problems >> it gives (user annoyances, user popping up at welcome screen (might have >> fixed this now) and unkillable process (might be fixable via discussed >> service permission commands)). And of course (if you ask me, at least), >> it's bad/non-standard practice on Windows and very anti-KISS - e.g. >> asking for more problems. >> > > Running it as NetworkService solves the unkillability problem? > > NetworkService doesn't exist on Windows 2000 Professional, right? Until > Microsoft officially discontinues security support for win2k I think we > should support it. >
I'm not entirely sure regarding the "unkillable process" problem. As an admin user (default on XP, and probably Vista too (with priv escalation)) on XP I can kill both java and the wrapper without problems via the task manager with the node running as the freenet user. Non-admin users obviously cannot kill service processes. The only "protected" processes I know of are some of the core Windows ones, but even those can be killed by using another task manager than the builtin one. NetworkService was introduced in XP, so 2k doesn't have it. 2k is a dying race though, so the question is how much usability we want to sacrifice for the majority of users because of a minority of Win2k users. But then again, I'm leaning more against usability when, most of the time, the only sacrifice is security against quite hypothetical situations. - Zero3
