Geek Answers Handbook

What are the security risks when running the Windows service as a "local system"?

I wrote a .NET Windows service that runs as a "Local System". I recently read that working as a local system can issue system credentials to hackers, allowing them to take over the system. What are the risks and how can I prevent them when starting the service as a local system.

+7
c # windows-services
source share
3 answers

Services running as LocalSystem are part of a trusted system space. Technically, they have the privilege of SeTcbName . This means, in particular, that such services can change any security settings, provide any privileges, and generally do whatever Windows can do.

As a result, any drawback of your service is unanalyzed input passed to system functions, incorrect dll search routes, buffer overflows, etc. - becomes a critical core of security. That is why no system administrator in a corporate environment can install your service if it runs under LocalSystem . Use LocalService and NetworkService accounts.

+6
source share

When using any service that you start, or I believe in any application, you must remove the application that is not required to reduce the influence of hackers.

So, if the service does not need to write to the local directory or delete, then delete this permission.

In addition, you can see if you need access to registry keys.

There are various permissions that you can remove to limit the damage that can be done.

Edit: You may need to find for S2. Window Services for more information on the risks associated with the local system. http://www.sans.org/top20/

0
source share

I think the main problem is that if someone finds a security error in your service that allows him to access system resources and / or execute code, he will work with local system rights (which are the same as the built-in in Administrators), The question is, are you sure that your service is a hacker proof ?: P

0
source share

More articles:


All Articles