-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thu, 28 Aug 2003, Devin Heitmueller wrote:
[snip]
[Whoops, quoting Gerald Combs IIRC]
> > Also, the Windows universe doesn't have setuid(). To add equivalent
> > functionality we could create a capture service. It looks like the
> > rpcapd daemon that ships with the latest version of WinPcap may be
> > something we can use.
>
> How does it implement access control? Ideally, on win32 it would be
> nice if group membership could be used to dictate who could access the
> interface to the capture service. This would allow administrative
> control over who can do captures.
Microsoft doesn't exactly advertise it, but services have ACLs attached
which can limit who is allowed to start, stop, and otherwise talk to them
via the Service Control Manager. I recall that it is even possible to
push these ACLs onto ADS member hosts using Group Policy. And of course,
once the service has been contacted, it can decide whether to honor the
request using private means.
- --
Mark H. Wood, Lead System Programmer mwood@xxxxxxxxx
MS Windows *is* user-friendly, but only for certain values of "user".
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: pgpenvelope 2.10.2 - http://pgpenvelope.sourceforge.net/
iD4DBQE/T1w/s/NR4JuTKG8RAv1sAKCnbp56jAMxK/uMwcgVqlojNWNlmQCXfaac
mZ2+/A+U7ZlnBwAoDiwLNQ==
=1FIY
-----END PGP SIGNATURE-----
