> > I'm using openssl with stunnel.
> > When I'm running stunnel as a service, RAND_poll in rand_win.c can't work, as
> > it needs features not available under the SYSTEM account without a user logged in
> > (i.e. the UI features) so it dropped all the stuff except for the CryptAcquireContext
> > when building the "service version". Although I'm totally dependent on MS-randomness
> > now, everything works fine when running as a service now.
> 
> OK, does anyone know a good way to detect (in run-time!) when the program is
> running as a service?  If there's a way, the rest should be easy.

That's a bit coarse.  It might be sufficient to allow the service to interact with 
the desktop [interactive user] (as admin user, right click on "My Computer", select 
Manage..., navigate to the services section, right click on the indicated service, 
choose the "Log On" tab, and under the radio button for "Local System account" there's 
a checkbox (off by default): "Allow service to interact with desktop").  This can also 
be enabled when the service registers itself at installation.

See MS Knowledge Base article number 115825 (formerly Q115825), as well as the 
documentation on ::CreateService() and search for SERVICE_INTERACTIVE_PROCESS.


Of course some customer locations might be reticent about letting services interact 
with the desktop, this being a potential security hole.

But is there a bug here?  If it runs "okay" (with limited functionality) if the 
service doesn't have permissions to access the desktop, isn't that correct?  What 
would you have it do differently if it did detect that it was running as a service?  
Is there some alternative source of randomness?  (Perhaps the number of patches 
applied to the system? :-).

If so, it might be best to detect the problem at the specific API call that fails 
rather than decide based on running as a service -- partly because it might work 
running as a service, partly because it might fail for other reasons when not running 
as a service.

Larry West
mailto:[EMAIL PROTECTED]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
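Since the message above points out that letting a service interact with the desktop is a potential security hole, here is an added audit script (not from the thread or from OpenSSL/stunnel) that lists which services on a Windows host have that setting enabled, cross-checking the SCM view (Win32_Service.DesktopInteract) against the SERVICE_INTERACTIVE_PROCESS bit (0x100) in each service's registry Type value. It assumes a Windows host with the CIM cmdlets and read access to HKLM\SYSTEM\CurrentControlSet\Services; the function name Get-InteractiveService is my own.

```powershell
# Added example (not from the thread): audit services allowed to interact with
# the desktop, i.e. "Allow service to interact with desktop" ticked, which is
# the SERVICE_INTERACTIVE_PROCESS flag (0x100) in the service Type.
# Assumes: Windows host, CIM cmdlets available, read access to the Services key.

$SERVICE_INTERACTIVE_PROCESS = 0x100   # Win32 service type flag

function Get-InteractiveService {
    [CmdletBinding()]
    param()

    Get-CimInstance -ClassName Win32_Service | ForEach-Object {
        $svc = $_
        # Cross-check the SCM view (DesktopInteract) against the registry Type bit.
        $regPath = "HKLM:\SYSTEM\CurrentControlSet\Services\$($svc.Name)"
        $type = (Get-ItemProperty -Path $regPath -Name Type -ErrorAction SilentlyContinue).Type
        $regInteractive = ($null -ne $type) -and (($type -band $SERVICE_INTERACTIVE_PROCESS) -ne 0)

        if ($svc.DesktopInteract -or $regInteractive) {
            [pscustomobject]@{
                Name            = $svc.Name
                StartName       = $svc.StartName          # account the service runs as
                RunsAsSystem    = ($svc.StartName -eq 'LocalSystem')
                State           = $svc.State
                StartMode       = $svc.StartMode
                DesktopInteract = [bool]$svc.DesktopInteract
                RegistryFlag    = $regInteractive         # 0x100 bit present in Type
                PathName        = $svc.PathName
            }
        }
    }
}

# Usage: list interactive services, LocalSystem ones first since those run with
# the highest privilege while being exposed to the interactive desktop.
Get-InteractiveService |
    Sort-Object -Property RunsAsSystem -Descending |
    Format-Table -AutoSize Name, StartName, State, DesktopInteract, RegistryFlag, PathName
```

The same flag is visible per service in the TYPE line of `sc.exe qc <name>` output, where it is shown as `(interactive)`; a mismatch between DesktopInteract and RegistryFlag usually means the registry was changed and the service has not been restarted.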