
What are the security risks in running a Windows Service as "Local System"?

I have written a .NET Windows service which runs as "Local System". Recently I read that running as Local System might expose system credentials to hackers, enabling them to take over the system. What are the risks involved, and how can I prevent them when I run the service as Local System?

softwarematter asked Sep 20 '09 00:09


People also ask

What is the difference between local system and network service?

The Local Service principal is tailored to services that only access local resources and don't need access to other network resources. The Network Service account, on the other hand, is tailored to services or applications that do need access to network resources.

Does local service have network access?

When a service runs under the LocalSystem account on a computer that is a domain member, the service has whatever network access is granted to the computer account, or to any groups of which the computer account is a member.

What is local system service?

The LocalSystem account is a predefined local account used by the service control manager. This account is not recognized by the security subsystem, so you cannot specify its name in a call to the LookupAccountName function. It has extensive privileges on the local computer, and acts as the computer on the network.

Is Local System account same as Administrator?

The main difference between the Administrator and SYSTEM is that Administrator is an actual account (for example, it has a password) whereas SYSTEM is not. (Properly speaking, SYSTEM is a "security principal".)


1 Answer

Services running as LocalSystem are part of the system's trusted space. Technically speaking, they have the SeTcbName privilege. This means, inter alia, that such services can alter any security settings, grant themselves any privileges, and generally do anything Windows can do.

As a result, any flaw in your service — unsanitized input passed to system functions, bad DLL search paths, buffer overruns, whatever — becomes a critical security hole. This is why no system administrator in an enterprise environment will permit your service to be installed if it runs under LocalSystem. Use the LocalService and NetworkService accounts.

Anton Tykhyy answered Nov 10 '22 01:11
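
An audit that follows from the answer's point about bad DLL search paths, as an added example that is not part of the original answer: it lists services outside the Windows directory that run as LocalSystem and reports which non-administrative identities can write to each service's binary directory. The helper name `Get-ServiceBinaryPath` and the trusted-identity list (English account names) are assumptions of this example.

```powershell
# Added example (read-only audit). Run from an elevated PowerShell prompt.
$systemNames = 'LocalSystem', 'NT AUTHORITY\SYSTEM'

# Assumption: identities whose write access to a service directory is expected.
# Names are the English ones; adjust on localized Windows installations.
$trusted = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators',
           'NT SERVICE\TrustedInstaller', 'CREATOR OWNER'

# Bits that allow creating or appending files in a directory (DLL planting).
# ACEs that use generic rights (shown as raw numbers) are not decoded here.
$writeBits = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData'

# Hypothetical helper: pull the executable out of Win32_Service.PathName,
# which may be quoted, unquoted, and followed by arguments.
function Get-ServiceBinaryPath([string]$PathName) {
    if ($PathName -match '^\s*"([^"]+)"')       { return $Matches[1] }
    if ($PathName -match '^\s*(.+?\.exe)\b')    { return $Matches[1] }
    return $null
}

Get-CimInstance Win32_Service |
    Where-Object { $systemNames -contains $_.StartName } |
    ForEach-Object {
        $svc = $_
        $exe = Get-ServiceBinaryPath $svc.PathName
        # Skip unparsable entries and binaries that ship in the Windows directory.
        if (-not $exe -or $exe -like "$env:SystemRoot\*") { return }
        $dir = Split-Path -Parent $exe
        if (-not (Test-Path -LiteralPath $dir)) { return }

        $writers = (Get-Acl -LiteralPath $dir).Access |
            Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                (([int]$_.FileSystemRights -band $writeBits) -ne 0) -and
                ($trusted -notcontains $_.IdentityReference.Value)
            } |
            ForEach-Object { $_.IdentityReference.Value } |
            Sort-Object -Unique

        [pscustomobject]@{
            Service         = $svc.Name
            Binary          = $exe
            NonAdminWriters = $writers -join ', '
        }
    } | Format-Table -AutoSize -Wrap
```

Any service listed with a non-empty `NonAdminWriters` column is a candidate for moving to LocalService or NetworkService and for tightening the directory ACL.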