That's the responsibility of Windows. By forcing admin privileges to call apache -k * isn't creating any kind of security. Anybody could create a simple five like program or open up services from the control panel to control apache if their account has the rights to do so. Just because apache.exe and AM forces admin requirements, the system does not.
But I think I see what you're saying and to enforce that we'd need to add account checking to the startup code, not the service control code. Shane Mladen Turk wrote: >Just one thought :-) > >I think that at least Administrator privileges are needed to start the >services. >The ApacheMonitor will definitely need that once when async behavior >will be used, so that calls for starting services gets serialized with >LockServiceDatabase that needs Admin privileges. >So I'm for the GENERIC_READ/GENERIC_WRITE/GENERIC_EXECUTE generic access >types, and not for finding security holes. Neither AM nor Apache >shouldn't brake that allowing starting or stopping something that cannot >be done through Service Manager itself, and should report that as access >violation errors. > >MT. > > > >>-----Original Message----- >>From: David Shane Holden [mailto:[EMAIL PROTECTED]] >>Sent: Wednesday, July 10, 2002 2:28 AM >>To: [EMAIL PROTECTED] >>Subject: Re: [PATCH] mpm/winnt service permissions >> >> >>Correct me if I'm wrong, but it sounds like you think this is for >>ApacheMonitor. This is for the winnt mpm itself. >>I thought your patch this morning was for the mpm just as I >>believe you >>think this is for the monitor. >> >>Shane >> >> >>William A. Rowe, Jr. wrote: >> >> >> >>>At 01:40 PM 7/9/2002, you wrote: >>> >>> >>> >>>>This patch sets the calls to OpenSCManager and OpenService >>>> >>>> >>to use the >> >> >>>>minimum required privileges. >>>> >>>> >>>Cool. Could you cvs up to grab the latest version with Mladen's >>>patch, compare your suggested changes to his latest changes for >>>requested privileges, and provide an updated patch to discuss? >>> >>>Bill >>> >>> >>> > > > >>>>- SC_MANAGER_ALL_ACCESS); >>>>+ SC_MANAGER_CONNECT); >>>> if (!schSCManager) { >>>> rv = apr_get_os_error(); >>>> ap_log_error(APLOG_MARK, APLOG_ERR | >>>> >>>> >>APLOG_STARTUP, rv, >> >> >>>>NULL, >>>>@@ -1265,7 +1262,7 @@ >>>> SC_HANDLE schSCManager; >>>> >>>> schSCManager = OpenSCManager(NULL, NULL, // >>>> >>>> >>default machine >> >> >>>>& database >>>>- SC_MANAGER_ALL_ACCESS); >>>>+ SC_MANAGER_CONNECT); >>>> >>>> if (!schSCManager) { >>>> ap_log_error(APLOG_MARK, APLOG_ERR | APLOG_STARTUP, >>>>apr_get_os_error(), NULL, >>>>@@ -1275,7 +1272,8 @@ >>>> >>>> /* ###: utf-ize */ >>>> schService = OpenService(schSCManager, mpm_service_name, >>>>- SERVICE_ALL_ACCESS); >>>>+ SERVICE_INTERROGATE | >>>>SERVICE_QUERY_STATUS | >>>>+ SERVICE_START | SERVICE_STOP); >>>> >>>> if (schService == NULL) { >>>> /* Could not open the service */ >>>> >>>> >>> >>> >> >> > > >
