Impersonation

Home Forums Security General Security Impersonation

This topic contains 0 replies, has 1 voice, and was last updated by Avatar gzt 14 years, 10 months ago.

Viewing 1 post (of 1 total)
  • Author
    Posts
  • Avatar
    gzt
    Member
    #99509

    Hi,

    If I run an IIS6 site application pool as ‘localsystem’ I see with the token monitor from sysinternals that NTAUTHORITYSYSTEM impersonates networkservice, does this mean w3wp.exe is relatively safe because it is running in the context of networkservice, even it is started by SYSTEM?

    Since the process appears to run as networkservice, if someone manages to compromise the w3wp.exe will they have localsystem privelieges or networkservice priveliges?

    I don’t understand the way process tokens work very well, sorry.

    Thanks!

    Geoff

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.