* Matthew Toseland <toad at amphibian.dyndns.org> [2008-09-24 20:32:16]:
> On Wednesday 24 September 2008 20:19, Florent Daignière wrote:
> > * Matthew Toseland <toad at amphibian.dyndns.org> [2008-09-23 01:45:10]:
> >
> > > On Monday 22 September 2008 20:30, Zero3 wrote:
> > >
> > > I really don't understand why creating a user - a measure which is
> > > solely intended to improve security by not having Freenet run as
> > > System - causes concern for so many windows-using geeks. You can't
> > > log in as that user, and thus it isn't visible on the login screen.
> > > And it's standard practice on unix. And it improves your security
> > > against a hypothetical exploit in Freenet. WHY IS THIS BAD? Having
> > > said that, it does seem to cause some installation failures, so
> > > maybe we should turn it off. However, running as the installing
> > > user isn't straightforward, we'd probably end up running as System.
> > > Nextgens???
> >
> > Running as the installing user isn't an option unless we ask him for his
> > password AND store it in cleartext in a file... or we don't use the
> > windows services at all.
> >
> > Running it as System is what we have been doing before you pushed hard
> > on me to find a solution to
> > https://bugs.freenetproject.org/view.php?id=1231
> >
> Well, the biggest problem IIRC wasn't the security issue but the fact
> that a service running as System can't be killed from Task Manager.
>
> As you say, we can't run as the installing user...

Well, we can! provided we don't use the windows services at all but a
shortcut in the startup menu or something like that... but we don't want
to because that's user-specific. We want to maximize the uptime of nodes,
not to restrict it to the timespan a specific user is logged on the
system.
