From: Peter Crowther
To: Tomcat Users List
Date: Thu, 7 Jan 2010 15:00:00 +0000
Subject: Re: How to change effective user id on Windows
In-Reply-To: <948126CDFED9634D8B12AF27F009EDC501E8F96F@oce-exbe03-v.oce.net>

2010/1/7 Looijmans, Mike:
> The current configuration is correct in terms of security - the 'SYSTEM'
> user is a limited account that has no access to the desktop nor shared
> network resources.

Sorry to pick you up on this one, Mike, but I think you're thinking of Local*Service*, not Local*System*. LocalSystem has full administrative access to the local computer, including (for example) being able to write a rogue DLL to a spare directory, then amend the registry so that that DLL is loaded by every process that runs on the machine from this point onwards. Or create a new local account that *does* have desktop access and spawn a process running as that user. If you can compromise LocalSystem, you've got the machine. Windows' LocalSystem is very, very close to Unix's root.

If you want a non-privileged account, use LocalService, not LocalSystem. See, for example, http://blogs.msdn.com/jmanning/archive/2008/04/06/localsystem-root-localservice-nobody.aspx

- Peter
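The check and remediation the reply recommends, as an added PowerShell example that is not part of the thread: it reports which Windows services run as LocalSystem versus the built-in low-privilege accounts, and moves a named service to LocalService. It assumes an elevated session and a placeholder service name (`$ServiceName`) standing in for whatever name the Tomcat service installer registered.

```powershell
# Added example, not from the mailing-list thread. Audits service logon accounts
# and flags LocalSystem (the Windows near-equivalent of root, as the reply notes).
# Assumptions: elevated PowerShell; the service name passed to
# Set-ServiceLocalService is a placeholder for your Tomcat service's real name.

function Get-ServiceAccountReport {
    param([string]$Filter = '*')   # wildcard on service name or display name
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.Name -like $Filter -or $_.DisplayName -like $Filter } |
        ForEach-Object {
            # WMI reports the built-in accounts as 'LocalSystem',
            # 'NT AUTHORITY\LocalService' and 'NT AUTHORITY\NetworkService'.
            $risk = switch -Regex ($_.StartName) {
                '^LocalSystem$'                 { 'HIGH (full admin on this host)' }
                'NT AUTHORITY\\LocalService$'   { 'low (no desktop, no network creds)' }
                'NT AUTHORITY\\NetworkService$' { 'medium (machine account on network)' }
                default                         { 'review (custom or unknown account)' }
            }
            [pscustomobject]@{
                Name        = $_.Name
                DisplayName = $_.DisplayName
                Account     = $_.StartName
                State       = $_.State
                Risk        = $risk
                Binary      = $_.PathName
            }
        }
}

# List every service, LocalSystem ones first (alphabetical sort puts HIGH on top).
Get-ServiceAccountReport | Sort-Object Risk | Format-Table -AutoSize

# Move one service to LocalService. Grant 'NT AUTHORITY\LocalService' Modify
# rights on the directories the service must write (for Tomcat: its logs, work
# and temp directories) before running this, or the service will fail to start.
function Set-ServiceLocalService {
    param([Parameter(Mandatory)][string]$ServiceName)   # placeholder name
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
    if (-not $svc) { throw "Service '$ServiceName' not found" }
    # Win32_Service.Change returns 0 on success; LocalService needs no password.
    $r = Invoke-CimMethod -InputObject $svc -MethodName Change -Arguments @{
        StartName     = 'NT AUTHORITY\LocalService'
        StartPassword = ''
    }
    if ($r.ReturnValue -ne 0) { throw "Change failed, ReturnValue=$($r.ReturnValue)" }
    Restart-Service -Name $ServiceName
}
```

Run the report first and confirm the service's account column reads `NT AUTHORITY\LocalService` after the change; a service that then fails to start almost always means the directory permissions step above was skipped.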