[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] Re: Funny article
- To: Frank Knobbe <frank@knobbe.us>
- Subject: Re: [Full-Disclosure] Re: Funny article
- From: "Volker Tanger" <volker.tanger@discon.de>
- Date: Thu, 13 Nov 2003 18:12:42 +0100
On Thu, 13 Nov 2003 10:08:13 -0600 Frank Knobbe <frank@knobbe.us> wrote:
> On Thu, 2003-11-13 at 08:41, Volker Tanger wrote:
> > > Ideally the Apache exe should be running as an unpriviledged user.
> > > but then, ideally the IIS server should be running as an
> > > unpriviledged user too....
> >
> > Well, running a kernel task is a bit difficult to do unprivileged...
>
> The reason IIS4+ runs as SYSTEM appears to be to gain performance. I
> guess running IIS as a kernel module and having less context switches
> does do well for performance (like an Apache LKM), but unfortunately
> not for security.
> What specific kernel task were you referring to?
Sorry, vague wording on my side. I meant exactly the "kernel module"
part you mentioned when saying "kernel task".
Did not work with IIS for the last few years, so memory suffered
(obviously).
Bye
Volker Tanger
ITK-Security
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html