[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20031113181242.28afad1e.volker.tanger@discon.de>
From: volker.tanger at discon.de (Volker Tanger)
Subject: Re: Funny article
On Thu, 13 Nov 2003 10:08:13 -0600 Frank Knobbe <frank@...bbe.us> wrote:
> On Thu, 2003-11-13 at 08:41, Volker Tanger wrote:
> > > Ideally the Apache exe should be running as an unpriviledged user.
> > > but then, ideally the IIS server should be running as an
> > > unpriviledged user too....
> >
> > Well, running a kernel task is a bit difficult to do unprivileged...
>
> The reason IIS4+ runs as SYSTEM appears to be to gain performance. I
> guess running IIS as a kernel module and having less context switches
> does do well for performance (like an Apache LKM), but unfortunately
> not for security.
> What specific kernel task were you referring to?
Sorry, vague wording on my side. I meant exactly the "kernel module"
part you mentioned when saying "kernel task".
Did not work with IIS for the last few years, so memory suffered
(obviously).
Bye
Volker Tanger
ITK-Security
Powered by blists - more mailing lists