Vulnerability Development mailing list archives

The problem with NT services ...


From: Balamurugan Koodalingam <balaiswaiting () YAHOO COM>
Date: Fri, 19 Jan 2001 07:49:30 -0800

Hi!

One significant problem in using a Windows NT service
application is that the executable file of the service
application can be replaced with some other
executable (of course, another service application), in
which one can do whatever he wants.

I know very well that it is nothing new, but just in
case you wonder ...

For example, I can write a service application, say
KewlBabe.exe, that adds a user to the Administrators
group and then stops, or does whatever.

Now, if I (logged in as an ordinary user) do the
following steps, as you may know, I can break in ...

1. Rename an automatic service like spoolss.exe (Note:
on some machines I have heard that it is not possible to
rename spoolss.exe. However, antivirus auto-protect
services' and many other products' automatic service
executables can always be renamed, I bet).
2. Rename my service KewlBabe.exe to spoolss.exe.
3. Restart the system.
4. Restore the executable names.

Cool?

I can do whatever in my service.

I have used this method, in our office, to recover
forgotten or unavailable Admin passwords a couple of
times. Yesterday, I was thinking of how to
prevent this ...

Restricting folder permissions while installing the
product will not help if it is installed on a FAT
partition, right?

There could be many other ways, but what came to mind
was ... just opening the service application's
executable file in exclusive mode as part of the
service initialisation process, and finally, as part of
clean-up, closing that file handle. That's it.

In this case I am not able to rename an automatic
service application's executable file.

But I am not sure of the downside of this method. Is
there any other better way?

Sincerely,
Bala.

Balamurugan Koodalingam,
HCL Technologies Ltd.
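The two things a practitioner would want to try after reading the post above are (a) an audit of which auto-start services on a box actually have an image file that the current non-admin user could rename (weak NTFS ACL, or a FAT volume with no ACLs at all), and (b) a check that the proposed defence, holding the image open with no share mode for the lifetime of the service, really does make a rename fail. The script below is an added example and is not code from the original post or from HCL; it assumes Windows PowerShell 5.1 or later on a Windows host, run under the low-privilege account you are worried about (the ACL evaluation is done for the current token). All function names are my own, and the scratch file it renames is constructed in %TEMP%, not a live service binary.

```powershell
# Added example (not from the original post): audit auto-start services whose image
# the current user could rename, and demonstrate the "hold the image open
# exclusively" defence on a scratch file. Assumes Windows PowerShell 5.1+ on Windows.

function Get-ServiceImagePath {
    param([string]$PathName)
    # Win32_Service.PathName looks like '"C:\Program Files\X\svc.exe" -arg' or
    # 'C:\WINNT\system32\spoolss.exe'; strip quotes and arguments. Unquoted paths
    # containing spaces are truncated at the first space and later skipped.
    if ($PathName -match '^\s*"([^"]+)"') { return $Matches[1] }
    return ($PathName -split '\s+')[0]
}

function Get-EffectiveRights {
    param([string]$Path)
    # Approximate effective FileSystemRights for the current token: OR together the
    # Allow ACEs matching the user or any of its groups, then mask out Deny ACEs.
    # Only GENERIC_ALL among the generic rights is mapped (to FullControl).
    $id    = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $sids  = @($id.User) + @($id.Groups)
    $allow = 0; $deny = 0
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        try { $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]) }
        catch { continue }
        if ($sids -notcontains $sid) { continue }
        $r = [int]$ace.FileSystemRights
        if ($r -band 0x10000000) { $r = [int][System.Security.AccessControl.FileSystemRights]::FullControl }
        if ($ace.AccessControlType -eq 'Allow') { $allow = $allow -bor $r } else { $deny = $deny -bor $r }
    }
    return ($allow -band (-bnot $deny))
}

function Test-RenameAllowed {
    param([string]$Path)
    # A rename within the same directory needs DELETE on the file (or "Delete
    # subfolders and files" on the parent) plus "Create files" on the parent.
    $FR     = [System.Security.AccessControl.FileSystemRights]
    $file   = Get-EffectiveRights -Path $Path
    $parent = Get-EffectiveRights -Path (Split-Path -Parent $Path)
    $canDelete = (($file -band [int]$FR::Delete) -ne 0) -or
                 (($parent -band [int]$FR::DeleteSubdirectoriesAndFiles) -ne 0)
    $canCreate = ($parent -band [int]$FR::CreateFiles) -ne 0
    return ($canDelete -and $canCreate)
}

function Find-RenamableAutoServices {
    # Auto-start services whose image sits on a FAT volume (no ACLs) or whose NTFS ACL
    # lets the current user rename it; either lets the swap described in the post work.
    $fsByDrive = @{}
    Get-CimInstance Win32_LogicalDisk | ForEach-Object { $fsByDrive[$_.DeviceID] = $_.FileSystem }
    foreach ($svc in Get-CimInstance Win32_Service -Filter "StartMode='Auto'") {
        if (-not $svc.PathName) { continue }
        $image = Get-ServiceImagePath $svc.PathName
        if ($image -notmatch '^[A-Za-z]:\\' -or -not (Test-Path -LiteralPath $image)) { continue }
        $fs  = $fsByDrive[(Split-Path -Qualifier $image).ToUpper()]
        $why = $null
        if ($fs -like 'FAT*')                { $why = "image on $fs volume (no ACLs)" }
        elseif (Test-RenameAllowed $image)   { $why = 'ACL grants rename to current user' }
        if ($why) { [pscustomobject]@{ Service = $svc.Name; Image = $image; Reason = $why } }
    }
}

function Test-ExclusiveOpenBlocksRename {
    param([string]$Path)
    # The defence proposed in the post: while the file is held open with FileShare.None
    # (no FILE_SHARE_DELETE), a rename needs DELETE access to the file and fails with a
    # sharing violation. Returns $true if the rename was blocked. Use a scratch file;
    # do not point this at a live service binary.
    $h = [System.IO.File]::Open($Path, [System.IO.FileMode]::Open,
                                [System.IO.FileAccess]::Read, [System.IO.FileShare]::None)
    try {
        Rename-Item -LiteralPath $Path -NewName ((Split-Path -Leaf $Path) + '.swapped') -ErrorAction Stop
        # Rename went through: undo it and report that the handle did not protect the file.
        Rename-Item -LiteralPath ($Path + '.swapped') -NewName (Split-Path -Leaf $Path)
        return $false
    } catch {
        return $true
    } finally {
        $h.Dispose()
    }
}

# Read-only audit of this host, then the defence demonstrated on a constructed scratch file.
Find-RenamableAutoServices | Format-Table -AutoSize

$scratch = Join-Path $env:TEMP 'KewlBabe-demo.exe'   # constructed scratch file, not a real service
Set-Content -LiteralPath $scratch -Value 'not a real executable'
"Rename blocked while the handle is held: $(Test-ExclusiveOpenBlocksRename $scratch)"
Remove-Item -LiteralPath $scratch
```

Two design points worth noting when reading the result. First, the audit looks at the image file's ACL rather than trying a rename, so it is safe to run on a production box, but it is only an approximation of effective rights (ACE ordering and the other generic rights are not modelled); treat a hit as something to confirm by hand. Second, the exclusive-open defence only holds while the service process is alive and owns the handle: a user who can stop the service, reboot into another OS, or mount a FAT volume elsewhere can still swap the file, and the same handle also stops legitimate in-place updates of the binary until the service is stopped, which is the main operational downside of the approach.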



