How to prevent code injection/swap for a windows service? The Next CEO of Stack OverflowHow do you find what process is holding a file open in Windows?Where can I find data stored by a Windows Service running as “Local System Account”?How to add dependency on a Windows Service AFTER the service is installedSet user account for a Windows serviceHow do you search for backdoors from the previous IT person?How do I tell Git for Windows where to find my private RSA key?Rename windows serviceOur security auditor is an idiot. How do I give him the information he wants?Prevent SQL injection in Magento (Search Terms)Authentication options for staging sites
Why does standard notation not preserve intervals (visually)
Why has the US not been more assertive in confronting Russia in recent years?
Why didn't Khan get resurrected in the Genesis Explosion?
What happens if you roll doubles 3 times then land on "Go to jail?"
Parametric curve length - calculus
Elegant way to replace substring in a regex with optional groups in Python?
What's the best way to handle refactoring a big file?
Is micro rebar a better way to reinforce concrete than rebar?
If the heap is initialized for security, then why is the stack uninitialized?
Is "for causing autism in X" grammatical?
How do I make a variable always equal to the result of some calculations?
If/When UK leaves the EU, can a future goverment conduct a referendum to join the EU?
How do we know the LHC results are robust?
Why is the US ranked as #45 in Press Freedom ratings, despite its extremely permissive free speech laws?
Are there any limitations on attacking while grappling?
How to count occurrences of text in a file?
How to solve a differential equation with a term to a power?
Limits on contract work without pre-agreed price/contract (UK)
How do scammers retract money, while you can’t?
How did the Bene Gesserit know how to make a Kwisatz Haderach?
Example of a Mathematician/Physicist whose Other Publications during their PhD eclipsed their PhD Thesis
How do I transpose the 1st and -1th levels of an arbitrarily nested array?
Rotate a column
Bold, vivid family
How to prevent code injection/swap for a windows service?
The Next CEO of Stack OverflowHow do you find what process is holding a file open in Windows?Where can I find data stored by a Windows Service running as “Local System Account”?How to add dependency on a Windows Service AFTER the service is installedSet user account for a Windows serviceHow do you search for backdoors from the previous IT person?How do I tell Git for Windows where to find my private RSA key?Rename windows serviceOur security auditor is an idiot. How do I give him the information he wants?Prevent SQL injection in Magento (Search Terms)Authentication options for staging sites
Heyo!
As part of our product, we have an on-premise installer on our client's servers that interacts with their database. We’re currently in the process of transforming it into a windows service. We’ve found how to make the windows service using the nssm, but one thing that we have trouble with is how to ensure that we don’t expose our clients to security risks (such as elevated privileges) by allowing an attacker to switch our code with theirs.
More specifically, the service will run a command like %SOME_DIR%node.exe my_javascript.js and we want to avoid having an external player simply switch out the node.exe or the javascript file.
So my question is threefold:
- Is it possible for an attacker without administrative privilege to switch the files used by a service?
- Is this a security concern at all, or can we assume that if an attacker has the ability to reach a point where they can switch the content of the files it’s pretty much game over anyway?
- If it is a security concern, how we can avoid this being an issue/reduce the risk? Is there a way to lock the file such that only privileged users (or the service itself) can change the content of the files? The solution should allow the service to update its code automatically.
Thanks a lot for your answers!
Cheers ☀️
Phil
windows security service
asked yesterday
Philippe HebertPhilippe Hebert
99
New contributor
Philippe Hebert is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
Heyo!
As part of our product, we have an on-premise installer on our client's servers that interacts with their database. We’re currently in the process of transforming it into a windows service. We’ve found how to make the windows service using the nssm, but one thing that we have trouble with is how to ensure that we don’t expose our clients to security risks (such as elevated privileges) by allowing an attacker to switch our code with theirs.
More specifically, the service will run a command like %SOME_DIR%node.exe my_javascript.js and we want to avoid having an external player simply switch out the node.exe or the javascript file.
So my question is threefold:
- Is it possible for an attacker without administrative privilege to switch the files used by a service?
- Is this a security concern at all, or can we assume that if an attacker has the ability to reach a point where they can switch the content of the files it’s pretty much game over anyway?
- If it is a security concern, how we can avoid this being an issue/reduce the risk? Is there a way to lock the file such that only privileged users (or the service itself) can change the content of the files? The solution should allow the service to update its code automatically.
Thanks a lot for your answers!
Cheers ☀️
Phil
windows security service
asked yesterday
Philippe HebertPhilippe Hebert
99
New contributor
Philippe Hebert is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
Heyo!
As part of our product, we have an on-premise installer on our client's servers that interacts with their database. We’re currently in the process of transforming it into a windows service. We’ve found how to make the windows service using the nssm, but one thing that we have trouble with is how to ensure that we don’t expose our clients to security risks (such as elevated privileges) by allowing an attacker to switch our code with theirs.
More specifically, the service will run a command like %SOME_DIR%node.exe my_javascript.js and we want to avoid having an external player simply switch out the node.exe or the javascript file.
So my question is threefold:
- Is it possible for an attacker without administrative privilege to switch the files used by a service?
- Is this a security concern at all, or can we assume that if an attacker has the ability to reach a point where they can switch the content of the files it’s pretty much game over anyway?
- If it is a security concern, how we can avoid this being an issue/reduce the risk? Is there a way to lock the file such that only privileged users (or the service itself) can change the content of the files? The solution should allow the service to update its code automatically.
Thanks a lot for your answers!
Cheers ☀️
Phil
windows security service
asked yesterday
Philippe HebertPhilippe Hebert
99
New contributor
Philippe Hebert is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Heyo!
As part of our product, we have an on-premise installer on our client's servers that interacts with their database. We’re currently in the process of transforming it into a windows service. We’ve found how to make the windows service using the nssm, but one thing that we have trouble with is how to ensure that we don’t expose our clients to security risks (such as elevated privileges) by allowing an attacker to switch our code with theirs.
More specifically, the service will run a command like %SOME_DIR%node.exe my_javascript.js and we want to avoid having an external player simply switch out the node.exe or the javascript file.
So my question is threefold:
- Is it possible for an attacker without administrative privilege to switch the files used by a service?
- Is this a security concern at all, or can we assume that if an attacker has the ability to reach a point where they can switch the content of the files it’s pretty much game over anyway?
- If it is a security concern, how we can avoid this being an issue/reduce the risk? Is there a way to lock the file such that only privileged users (or the service itself) can change the content of the files? The solution should allow the service to update its code automatically.
Thanks a lot for your answers!
Cheers ☀️
Phil
windows security service
windows security service
asked yesterday
Philippe HebertPhilippe Hebert
99
New contributor
Philippe Hebert is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked yesterday
Philippe HebertPhilippe Hebert
99
New contributor
Philippe Hebert is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked yesterday
Philippe HebertPhilippe Hebert
99
New contributor
Philippe Hebert is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked yesterday
Philippe HebertPhilippe Hebert
99
asked yesterday
Philippe HebertPhilippe Hebert
99
99
New contributor
Philippe Hebert is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
Philippe Hebert is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Philippe Hebert is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Philippe Hebert is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f960507%2fhow-to-prevent-code-injection-swap-for-a-windows-service%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Philippe Hebert is a new contributor. Be nice, and check out our Code of Conduct.
Philippe Hebert is a new contributor. Be nice, and check out our Code of Conduct.
Philippe Hebert is a new contributor. Be nice, and check out our Code of Conduct.
Philippe Hebert is a new contributor. Be nice, and check out our Code of Conduct.
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f960507%2fhow-to-prevent-code-injection-swap-for-a-windows-service%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
