Posted to dev@httpd.apache.org by "R.J. Kraaij" <te...@worldonline.nl> on 1999/02/01 11:50:11 UTC
[ apache on win32 Service /network shares]
Hi, this is my first post here, so if I'm doing something wrong,
please tell me personally :o)
> * who should run the service? Who exactly is the "system account"?
> That _really_ sucks. Can we recommend running Apache as some
> other user?
The service uses the account it's running on to hand it over to called
devices. However, there are exceptions. For instance, Pathworks on NT. When
having a user logged into the system and having a drive mapped, the
service is capable of accessing the drive by using the user's credentials.
This is one of the leaks I personally experimented with. Microsoft IIS3 is also
vulnerable to this leak. In fact, we have been using this trick
ourselves, to let us access certain shares with permission problems...
So _high_ care should be taken when logging into a system where a
webserver is running. Be sure you're not using a rare network-mapping client,
because then a user with access to any server scripting could,
theoretically (and practically, tested by myself), access your mapped network
devices using _your_ account (just by doing an openfile on your
Mappedletter:\Drive\).
This does not apply to SMB network shares.
----
Background of author: I'm running 5 intranet webservers on IIS,
and an Internet-Apache-Module-Chatserver.
-- Reinder Kraaij