-
Notifications
You must be signed in to change notification settings - Fork 17.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
x/sys/windows/svc/mgr: Allow clients to request read-only access to the Service Control Manager and to individual services #51465
Comments
@dblohm7 thank you for creating the issue. I am not sure what you are trying to do, but I tried running your program with these changes in
and your program still fails with
What you are trying to do exactly? I made decision to just use I obviously tried to keep Then I discovered that I needed access to the service manager on another Windows pc. That is how I suppose we can add new methods similar to Perhaps you have other ideas. Thank you. Alex |
I'm trying to query a service - find out if a service by a specific name exists or not, and if it does query its configuration.
I appreciate that, and if it were a personal project I wouldn't be complaining, but since this package is sanctioned and sponsored by Google/Golang we would like to see it working better. Working when run as non-admin/not elevated (i.e. non-root in Linux equivalent terminology) is not a high bar to expect.
More likely that the actual required permissions would have been passed rather than these two. It's just one more parameter, not dozens. And if you want to assume required permissions, like |
@alexbrainman, how's the investigation going? What are the chances that this gets fixed? |
Ping? |
What is the recommended solution ? |
@alexbrainman I have been working on some code to return a list of services on a Windows machine, and I needed to list the services without elevated privileges. Instead of passing For opening a service, I similarly had to pass the specific access right I wanted to So the calls should look like this:
and
I think making two new functions that accept permissions makes sense. Perhaps we can call them |
Sounds good to me. But I suspect we need to write a proposal now to add these functions. If you want to write a proposal, here https://github.com/golang/proposal?tab=readme-ov-file are some info. You can probably make your proposal short, because it is not complicated. And others might suggest better names for these functions. Alex |
I've been wanting exactly this as well. I was going to work up a proper PR, but it sounds like that would be premature at this point until a proposal is agreed? |
Proposal raised at #66694 since I couldn't find an existing one. The changes are simple enough, but it would take me a little while to get into the position to submit the PR according to requirements etc. |
Mgr.Connect
always requestsSC_MANAGER_ALL_ACCESS
rights, andMgr.OpenService
always requestsSERVICE_ALL_ACCESS
rights. Since both of those methods are requesting write access, they require the current user to run at a higher permission level than may otherwise be required by the caller.It would be nice if additional methods were exposed that would allow either for finer-grained control over the access requested, or at least a variant that requests read-only (ie,
GENERIC_READ
) access.Of course, this is easily worked around by directly calling the necessary Win32 APIs, but that isn't the cleanest.
What version of Go are you using (
go version
)?Does this issue reproduce with the latest release?
Yes
What operating system and processor architecture are you using (
go env
)?go env
OutputWhat did you do?
What did you expect to see?
The program returns without error.
What did you see instead?
The program fails with access denied errors.
The text was updated successfully, but these errors were encountered: