Service Object Security

Once the SCM has installed a service, the service becomes a securable object just like threads, processes, and so on, which I discussed in Chapter 3, "Security Model."

Just like any other object, a service object has some basic attributes attached to it:

  • The SID of the owner—the user who installed it.

  • A DACL.

  • A SACL.

As expected, the SACL contains audit instructions for the kernel. The DACL contains the usual list of SIDs and the permissions allowed to those users and groups. Table 5.1 lists the permissions for service objects.

Table 5.1. Service Object Permissions

Access Flag | Meaning
SERVICE_ALL_ACCESS | Just what it says—everything in this table.
SERVICE_CHANGE_CONFIG | Enables ChangeServiceConfig() to adjust a service's configuration. ...
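To see what such a DACL looks like when audited, the following added example (not code from the book) decodes a service security descriptor in SDDL text form, as printed by `sc sdshow`, and reports allow ACEs that give SERVICE_CHANGE_CONFIG, WRITE_DAC, or WRITE_OWNER to anyone other than SYSTEM or Administrators. It goes beyond the text in using SDDL; the function names, the TRUSTED set, and the sample descriptor are assumptions constructed for illustration.

```python
import re

# Service access-right bits (winsvc.h / winnt.h), keyed by their SDDL code.
SDDL_RIGHTS = {
    "CC": 0x0001,  # SERVICE_QUERY_CONFIG
    "DC": 0x0002,  # SERVICE_CHANGE_CONFIG
    "LC": 0x0004,  # SERVICE_QUERY_STATUS
    "SW": 0x0008,  # SERVICE_ENUMERATE_DEPENDENTS
    "RP": 0x0010,  # SERVICE_START
    "WP": 0x0020,  # SERVICE_STOP
    "DT": 0x0040,  # SERVICE_PAUSE_CONTINUE
    "LO": 0x0080,  # SERVICE_INTERROGATE
    "CR": 0x0100,  # SERVICE_USER_DEFINED_CONTROL
    "SD": 0x10000, "RC": 0x20000, "WD": 0x40000, "WO": 0x80000,
}
SERVICE_CHANGE_CONFIG, WRITE_DAC, WRITE_OWNER = 0x0002, 0x40000, 0x80000
# Rights that let a trustee reconfigure the service or rewrite its DACL.
DANGEROUS = SERVICE_CHANGE_CONFIG | WRITE_DAC | WRITE_OWNER
TRUSTED = {"SY", "BA"}  # assumption: only SYSTEM and Administrators expected

def parse_dacl(sddl):
    """Return (ace_type, access_mask, trustee) for each ACE in the D: part."""
    m = re.search(r"D:[A-Z]*((?:\([^)]*\))*)", sddl)
    aces = []
    for body in re.findall(r"\(([^)]*)\)", m.group(1) if m else ""):
        ace_type, _flags, rights, _obj, _inh, trustee = body.split(";")[:6]
        if rights.startswith("0x"):
            mask = int(rights, 16)          # numeric mask form
        else:
            mask = 0
            for i in range(0, len(rights), 2):
                mask |= SDDL_RIGHTS[rights[i:i + 2]]  # unknown code raises
        aces.append((ace_type, mask, trustee))
    return aces

def risky_grants(sddl):
    """Allow ACEs that hand DANGEROUS rights to a trustee outside TRUSTED."""
    return [(t, mask & DANGEROUS) for typ, mask, t in parse_dacl(sddl)
            if typ == "A" and t not in TRUSTED and mask & DANGEROUS]

# Constructed sample: SYSTEM (SY) and Administrators (BA) are normal;
# Authenticated Users (AU) were also granted SERVICE_CHANGE_CONFIG (DC).
SAMPLE = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)"
          "(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
          "(A;;CCDCLCSWRPLOCRRC;;;AU)"
          "S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)")

if __name__ == "__main__":
    print(risky_grants(SAMPLE))
```

The Administrators ACE in the sample decodes to 0xF01FF, which is SERVICE_ALL_ACCESS; the SACL portion after `S:` is deliberately left unparsed.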
