Hi Jochem,
The process that owns port 80 on IIS 6.0 machines is the HTTP.SYS driver
(when enabled). This is a kernel-mode driver that only forwards requests and
*cannot* have user-mode application code loaded into it, as it does no
execution. Any exploits into this are useless.
Furthermore, the process that handles the application code is the W3WP.EXE
worker process. This process is the application pool, configured in the UI.
You can set that to start as any identity that you choose.
What's the security hole here? Saying "if there's a bug..." is a waste of
time since it applies equally to both IIS and Apache.
- Matt Small
> ** Private ** wrote:
> > What account does Apache start under?
>
> The account you configure it to start under.
>
>
> >> The most
> >> obvious privilege is the privilege to start processes under a
> >> different user account.
> >
> > The IIS worker process starts under it's own identity - Network
> > Service.
>
> Run "netstat -ano" on your Windows system with IIS and find the PID of
> the process that owns port 80. Then go to taskmgr: which account does
> that process run under? If there is a bug in that process and that bug
> gets exploited, what account will the exploit run under?
>
Jochem
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Upgrade to Adobe ColdFusion MX7
Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs
http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU
Archive:
http://www.houseoffusion.com/groups/CF-Community/message.cfm/messageid:227352
Subscription: http://www.houseoffusion.com/groups/CF-Community/subscribe.cfm
Unsubscribe:
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.5
