[英]What are the security risks in running a Windows Service as “Local System”?
I have written a .NET Windows service which runs as "Local System". 我编写了一个运行为“本地系统”的.NET Windows服务。 Recently I read that, running as local system might expose system credential to hackers enabling them to take over the system. 最近我读到,作为本地系统运行可能会向黑客公开系统凭证,使他们能够接管系统。 What are the risks involved and how can I prevent them when I run service as Local System. 涉及的风险是什么?当我作为本地系统运行服务时,如何防止它们。
Services running as LocalSystem
are part of the system's trusted space. 作为LocalSystem
运行的服务是系统可信空间的一部分。 Technically speaking, they have the SeTcbName
privilege. 从技术上讲,它们具有SeTcbName
权限。 This means, inter alia , that such services can alter any security settings, grant themselves any privileges, and generally do anything Windows can do. 这意味着, 除其他外 ,此类服务可以更改任何安全设置,授予自己任何权限,并且通常可以执行Windows可以执行的任何操作。
As a result, any flaw in your service — unsanitized input passed to system functions, bad dll search paths, buffer overruns, whatever — becomes a critical security hole. 因此,您服务中的任何缺陷 - 传递给系统函数的未经过处理的输入,错误的dll搜索路径,缓冲区溢出等等 - 都成为一个关键的安全漏洞。 This is why no system administrator in an enterprise environment will permit your service to be installed if it runs under LocalSystem
. 这就是为什么企业环境中的系统管理员如果在LocalSystem
下运行则不允许安装服务的原因。 Use the LocalService
and NetworkService
accounts. 使用LocalService
和NetworkService
帐户。
With any service that you run, or I believe any application, you should have the application remove permissions that are not needed, to reduce the impact of hackers. 对于您运行的任何服务,或者我相信任何应用程序,您应该让应用程序删除不需要的权限,以减少黑客的影响。
So, if the service doesn't need to write to the local directory, or delete, then remove that permission. 因此,如果服务不需要写入本地目录或删除,则删除该权限。
Also, you can look at whether you will need access to registry keys. 此外,您可以查看是否需要访问注册表项。
There are various permissions you can remove to limit the damage that can be done. 您可以删除各种权限以限制可以执行的损害。
Edit: You may want to do a find for S2. 编辑:您可能想要查找S2。 Window Services to find more information about the risks due to Local System. 窗口服务,用于查找有关本地系统风险的更多信息。 http://www.sans.org/top20/ http://www.sans.org/top20/
I think the main problem is that if someone will discover a security bug in your service that lets him access system resources and/or execute code - it access/execute with Local System rights (which are the same as built in Administrators). 我认为主要的问题是,如果有人在您的服务中发现一个安全漏洞,让他访问系统资源和/或执行代码 - 它使用本地系统权限(与管理员内置的相同)访问/执行。 The question is - are you totaly sure your service is hacker proof?? 问题是 - 你是否完全确定你的服务是黑客证明? :P :P
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.