Focus on Microsoft
RE: Windows station permissions, remote control programs,lower priviledge accounts Feb 20 2003 03:30PM
ATarasul SpencerStuart com
James,
The question is not about what can be done in a normally functioning program.
The question is that the core process is running as LocalSystem.
This means that if a buffer overflow is explored on a connection attempt,
before authentication and before the thread is switched
to the authenticated account, the user will get LocalSystem access without
authentication.
Also (not completely sure about this one), if a lower-privilege authenticated
user running a remote control program is able to run RevertToSelf, he
might get LocalSystem privileges.
The scope of this question is not only about remote control programs - it
should be a question of why ANY service needs to be running as the LocalSystem
or Administrator account.

-----Original Message-----
From: James Kelly [mailto:jim (at) essistants (dot) com [email concealed]]
Sent: Wednesday, February 19, 2003 6:08 PM
To: 'Lee, Alex (NHQ)-EDS'; Tarasul, Alexander;
focus-ms (at) securityfocus (dot) com [email concealed]
Subject: RE: Windows station permissions, remote control programs,lower
priviledge accounts

Question, when you Shift-Right-Click, and run something as another user,
how does that affect how it is logged?

Jim
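
The concern raised in this thread, a network-facing service whose process runs as LocalSystem before any authentication takes place, can be inventoried on a host. The following is an added example and not part of the original messages; it assumes a current Windows PowerShell with the built-in `Get-CimInstance` and `Get-NetTCPConnection` cmdlets, run from an elevated prompt.

```powershell
# Added example (not from the thread): list running services whose host
# process runs as LocalSystem AND owns a listening TCP socket.
# Sockets belong to a process, so services sharing one svchost.exe
# instance are all reported with that process's listeners.

# Build a PID -> listening endpoints lookup table.
$portsByPid = @{}
foreach ($conn in Get-NetTCPConnection -State Listen) {
    $procId = [int]$conn.OwningProcess
    if (-not $portsByPid.ContainsKey($procId)) {
        $portsByPid[$procId] = @()
    }
    $portsByPid[$procId] += '{0}:{1}' -f $conn.LocalAddress, $conn.LocalPort
}

# Win32_Service.StartName holds the logon account of each service.
$systemAccount = '^(LocalSystem|NT AUTHORITY\\SYSTEM)$'

$findings = Get-CimInstance -ClassName Win32_Service |
    Where-Object {
        $_.State -eq 'Running' -and
        $_.StartName -match $systemAccount -and
        $portsByPid.ContainsKey([int]$_.ProcessId)
    } |
    ForEach-Object {
        [pscustomobject]@{
            Service   = $_.Name
            Account   = $_.StartName
            ProcessId = $_.ProcessId
            Listening = ($portsByPid[[int]$_.ProcessId] |
                         Sort-Object -Unique) -join ', '
            Path      = $_.PathName
        }
    }

if ($findings) {
    $findings | Sort-Object ProcessId, Service |
        Format-Table -AutoSize -Wrap
} else {
    Write-Output 'No running LocalSystem service owns a listening TCP socket.'
}
```

Each row is a candidate for review: whether the service needs LocalSystem at all, or can run under a dedicated lower-privilege account.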

Copyright 2009, SecurityFocus