System.Diagnostics将允许用户杀死IIS7中自己的进程
[英]System.Diagnostics will allow user kill their own process in IIS7
问题描述
Hosted customers in IIS7 can use asp.net and System.Diagnostics to list all the system's process ID. 
IIS7中的托管客户可以使用asp.net和System.Diagnostics列出所有系统的进程ID。 They can also kill the ones that belong to their own application pools. 他们还可以杀死属于自己的应用程序池的应用程序。 Seems like a big security problems in IIS7 for shared hosting environment. 对于共享主机环境,IIS7中似乎存在很大的安全问题。 Any suggestions on how to prevent normal users from accessing System.Diagnostics? 关于如何防止普通用户访问System.Diagnostics的任何建议? How to limit it to administrators only? 如何仅将其限制为管理员?
1 个解决方案
解决方案1
0 2011-05-11 15:58:04
Unlike with Windows 2003 and IIS6, many shared Windows 2008/IIS7 hosting environments provide their customers with dedicated application pools and Full Trust. 与Windows 2003和IIS6不同,许多共享的Windows 2008 / IIS7托管环境为客户提供了专用的应用程序池和完全信任。
Whilst customers may be able to launch and kill their own processes (including their own worker processes), provided that the identity of the account that the site runs under is locked down then no real harm can be done. 尽管客户可以启动并杀死他们自己的进程(包括他们自己的工作进程),但前提是该网站所运行的帐户的身份已被锁定,那么就不会造成真正的危害。 Also what would be the benefit to a customer having code that constantly kills their own application pool (other than to force a restart of a worker process to allow Application_Start type events to fire if you need to reload some settings there)? 如果客户的代码不断地杀死自己的应用程序池(除了强制重新启动工作进程以允许Application_Start类型的事件在需要重新加载某些设置的情况下触发),这对客户有什么好处?
I work for a shared hoster, we actually provide customers with the ability to start, stop and recycle their dedicated pools via our admin system, all they would be doing in code is pretty much the same thing. 我在一家共享主机托管公司工作,实际上,我们通过管理系统为客户提供了启动,停止和回收其专用池的能力,他们在代码中所做的几乎是同一回事。
The worst that can happen is that a customer launches a process that consumes large amounts of memory or an excessive amount of CPU (but then even their own ASP.NET code can run away out of control doing the same). 可能发生的最坏情况是,客户启动了一个消耗大量内存或CPU的进程(但即使这样做,他们自己的ASP.NET代码也可能失控)。 We monitor our servers continuously for such anomalous behaviour and can track down the culprit within 2-3 minutes of being alerted. 我们会持续监控服务器是否存在此类异常行为,并且可以在收到警报后的2-3分钟内追查罪魁祸首。 The end user will get a friendly warning and told not to do this again, if they do then their site is instantly shut down. 最终用户将得到友好的警告,并被告知不要再次执行此操作,如果这样做,则其站点将立即关闭。
The only time I'd be worried if the hoster was running shared pools at full trust, but if they're doing that then they have a whole other security headache to overcome, process killing would be the least of their worries. 我唯一担心的是托管者是否在完全信任的情况下运行共享池,但是如果这样做,则他们还有其他安全难题要克服,进程终止将是他们的后顾之忧。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.