I have written a .NET Windows service which runs as "Local System". Recently I read that running as Local System might expose system credentials to hackers, enabling them to take over the system. What are the risks involved, and how can I prevent them when I run the service as Local System?

A: 

With any service that you run, or I believe any application, you should have the application remove permissions that are not needed, to reduce the impact of hackers.

So, if the service doesn't need to write to the local directory, or delete, then remove that permission.

Also, you can look at whether you will need access to registry keys.

There are various permissions you can remove to limit the damage that can be done.

Edit: You may want to do a find for S2. Window Services to find more information about the risks due to Local System. http://www.sans.org/top20/

James Black
A: 

I think the main problem is that if someone discovers a security bug in your service that lets him access system resources and/or execute code, it will access/execute with Local System rights (which are the same as built-in Administrators). The question is: are you totally sure your service is hacker-proof? :P

kyrisu
Built-in Administrators don't have `SeTcbName` by default after NT 4, so `LocalSystem` has even more rights than local administrators.
Anton Tykhyy
+2  A: 

Services running as LocalSystem are part of the system's trusted space. Technically speaking, they have the SeTcbName privilege. This means, inter alia, that such services can alter any security settings, grant themselves any privileges, and generally do anything Windows can do.

As a result, any flaw in your service — unsanitized input passed to system functions, bad dll search paths, buffer overruns, whatever — becomes a critical security hole. This is why no system administrator in an enterprise environment will permit your service to be installed if it runs under LocalSystem. Use the LocalService and NetworkService accounts.

Anton Tykhyy
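
The recommendation above to use the LocalService or NetworkService accounts can be applied from PowerShell. This is an added example, not part of the original answers: it lists non-Windows services that log on as LocalSystem and moves one to a built-in low-privilege account. The function names and the service name `MyDotNetService` are hypothetical.

```powershell
# Added example, not from the original answers. Run from an elevated prompt.
# 'MyDotNetService' below is a hypothetical service name.

function Get-ThirdPartyLocalSystemService {
    # Win32_Service.StartName is the logon account; LocalSystem is reported
    # as the literal string 'LocalSystem'.
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.StartName -eq 'LocalSystem' } |
        # Heuristic: skip binaries under %SystemRoot% to hide Windows' own services.
        Where-Object { $_.PathName -notlike "*$env:SystemRoot\*" } |
        Select-Object Name, State, StartMode, PathName
}

function Set-ServiceBuiltinAccount {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [ValidateSet('LocalService', 'NetworkService')]
        [string] $Account = 'LocalService'
    )
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'"
    if (-not $svc) { throw "Service '$Name' not found." }

    # Win32_Service.Change: the built-in accounts take an empty password.
    $result = Invoke-CimMethod -InputObject $svc -MethodName Change -Arguments @{
        StartName     = "NT AUTHORITY\$Account"
        StartPassword = ''
    }
    if ($result.ReturnValue -ne 0) {
        throw "Change failed for '$Name' (Win32_Service return code $($result.ReturnValue))."
    }
    # The new account applies at the next start of the service.
    Restart-Service -Name $Name -Force
    Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'" |
        Select-Object Name, State, StartName
}

Get-ThirdPartyLocalSystemService | Format-Table -AutoSize -Wrap
# Set-ServiceBuiltinAccount -Name 'MyDotNetService' -Account 'LocalService'
```

After the switch, the service may fail on files or registry keys it could previously reach as LocalSystem; grant the new account access to only those specific resources.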