Announcement

Collapse
No announcement yet.

Impersonation

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Impersonation

    Hi,

    If I run an IIS6 site application pool as 'localsystem' I see with the token monitor from sysinternals that NTAUTHORITY\SYSTEM impersonates networkservice, does this mean w3wp.exe is relatively safe because it is running in the context of networkservice, even it is started by SYSTEM?

    Since the process appears to run as networkservice, if someone manages to compromise the w3wp.exe will they have localsystem privelieges or networkservice priveliges?

    I don't understand the way process tokens work very well, sorry.

    Thanks!

    Geoff
Working...
X