lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: volker.tanger at discon.de (Volker Tanger)
Subject: Re: Funny article

On Thu, 13 Nov 2003 10:08:13 -0600 Frank Knobbe <frank@...bbe.us> wrote:
> On Thu, 2003-11-13 at 08:41, Volker Tanger wrote:
> > > Ideally the Apache exe should be running as an unpriviledged user.
> > > but then, ideally the IIS server should be running as an
> > > unpriviledged user too....
> > 
> > Well, running a kernel task is a bit difficult to do unprivileged...
> 
> The reason IIS4+ runs as SYSTEM appears to be to gain performance. I
> guess running IIS as a kernel module and having less context switches
> does do well for performance (like an Apache LKM), but unfortunately
> not for security.
> What specific kernel task were you referring to?

Sorry, vague wording on my side. I meant exactly the "kernel module"
part you mentioned when saying "kernel task". 

Did not work with IIS for the last few years, so memory suffered
(obviously). 

Bye

Volker Tanger
ITK-Security


Powered by blists - more mailing lists