On Wednesday 24 September 2008 20:19, Florent Daigni?re wrote: > * Matthew Toseland <toad at amphibian.dyndns.org> [2008-09-23 01:45:10]: > > > On Monday 22 September 2008 20:30, Zero3 wrote: > > > > I really don't understand why creating a user - a measure which is solely > > intended to improve security by not having Freenet run as System - causes > > concern for so many windows-using geeks. You can't log in as that user, and > > thus it isn't visible on the login screen. And it's standard practice on > > unix. And it improves your security against a hypothetical exploit in > > Freenet. WHY IS THIS BAD? Having said that, it does seem to cause some > > installation failures, so maybe we should turn it off. However, running as > > the installing user isn't straightforward, we'd probably end up running as > > System. Nextgens??? > > Running as the installing user isn't an option unless we ask him for his > password AND store it in cleartext in a file... or we don't use the > windows services at all. > > Running it as System is what we have been doing before you pushed hard > on me to find a solution to > https://bugs.freenetproject.org/view.php?id=1231 > Well, the biggest problem IIRC wasn't the security issue but the fact that a service running as System can't be killed from Task Manager.
As you say, we can't run as the installing user... -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 827 bytes Desc: not available URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20080924/28b46163/attachment.pgp>
