什么是运行一个Windows服务作为&QUOT的安全隐患;本地系统"？ [英] What are the security risks in running a Windows Service as "Local System"?

问题描述

我已经写它运行作为本地系统的.NET Windows服务。最近，我读了，作为本地系统运行可能使系统证书被黑客使他们能够接管系统。
什么是所涉及的风险，我怎么能阻止他们，当我运行服务作为本地系统。

I have written a .NET Windows service which runs as "Local System". Recently I read that, running as local system might expose system credential to hackers enabling them to take over the system. What are the risks involved and how can I prevent them when I run service as Local System.

推荐答案

服务运行为本地系统是系统信任的空间的一部分。从技术上讲，他们有 SeTcbName 特权。这意味着，的尤其的，这种服务可以改变任何安全设置，授予自己的特权，一般做什么Windows可以做的。

Services running as LocalSystem are part of the system's trusted space. Technically speaking, they have the SeTcbName privilege. This means, inter alia, that such services can alter any security settings, grant themselves any privileges, and generally do anything Windows can do.

其结果是，在你的服务有任何瑕疵 - 传递给系统功能，错误的DLL搜索路径，缓冲区溢出，无论unsanitized输入 - 成为一个关键的安全漏洞。这就是为什么，如果它在本地系统运行要安装任何系统管理员在企业环境将允许您服务。使用本地服务和网​​络服务帐户。

As a result, any flaw in your service — unsanitized input passed to system functions, bad dll search paths, buffer overruns, whatever — becomes a critical security hole. This is why no system administrator in an enterprise environment will permit your service to be installed if it runs under LocalSystem. Use the LocalService and NetworkService accounts.

这篇关于什么是运行一个Windows服务作为&QUOT的安全隐患;本地系统"？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！