bad security setting for win32 tor service
Nick Mathewson
nickm at freehaven.net
Tue Aug 23 21:10:10 UTC 2005
On Fri, Aug 19, 2005 at 11:43:07PM -0500, Edman, Matt wrote:
> > Matt -- I'd like to accept a patch like this. Can you explain to me
> > what it would do for Tor's storage, though? J Random User shouldn't
> > be able to read Tor's private keys -- can this happen if Tor runs as
> > "NT AUTHORITY\LocalService" ? If so, what is the real solution?
>
> If the service is set to run as LocalService, other limited
> users should not be able to see its data directory.
But other services are running as LocalService, right? It would be a
shame if a buggy webserver or something could look at Tor's keys. Is
it possible for the installer (or the service setup code) to create
a separate limited user for the tor service?
[...]
> Is it acceptable to say "run Tor either as a service or as a normal
> console app. If you want to switch back and forth, you're on
> your own?"
Sounds plausible to me. If you're playing around with services,
you're not a windows newbie, and you ought to understand this stuff,
right? Or will this create tons of support problems?
yrs,
--
Nick Mathewson
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 652 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20050823/ac3fa3eb/attachment.pgp>
More information about the tor-talk
mailing list