Will Dean <svn@indcomp.co.uk> wrote on 01/21/2005 09:49:42 AM:
> At 15:41 21/01/2005 +0100, you wrote:
>
> >Yes, it would be a security issue. So called priviledge escalations
> >might be possible.
>
> Yes, although the flip-side is that LOCALSYSTEM is actually less
privileged
> in terms of network access.
>
> >The advantage of a service isn't just that it's loaded before someone
> >is logged on. It's also a way to reliably (without users being able to
> >interfere/disable it) start it automatically. Every other method is
> >easy for a halfway experienced user to remove (autostart, registry,
> >...).
>
> I'm not sure I'm convinced. You can stop a service automatically
starting
> from the U/I or the registry.
>
> But anyway, if the shell autostarts the cache if it needs it, who cares?
Aren't Windows services prevented from accessing any network resources
unless you configure them to logon as a specific Domain user? And if you
do that, then you run into password management issues.
I would recommend staying away from services. If the Shell extensions
starts the cache process, I do not see how a user could defeat it, other
than killing the process from Task Manager. Stopping a service is easy.
Mark
_____________________________________________________________________________
Scanned for SoftLanding Systems, Inc. by IBM Email Security Management Services powered by MessageLabs.
_____________________________________________________________________________
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tortoisesvn.tigris.org
For additional commands, e-mail: dev-help@tortoisesvn.tigris.org
Received on Fri Jan 21 16:08:19 2005