Re: IIS6 on Win 2003 server ISAPI loadLibrary security problem

From: "David Wang [Msft]" <someone@xxxxxxxxxxxxxxxxxxxx>
Date: Mon, 6 Mar 2006 18:12:20 -0800

Based on your description, I suspect you are talking about an ISAPI Filter
loading DLLs.

Actually, security permissions has always worked the same between IIS5 and
IIS6 for ISAPIs. So really, there's no problem here...

You just happen to use some haphazard behavior which worked on IIS5; we are
forcing you to intentionally make it work on IIS6 for security reasons.
Breaking code like this is generally good for security, even if it means
extra work comes out of it -- we are forcing the user to think and deal with
security because it is definitely not something just for the OS to worry
about:

http://blogs.msdn.com/david.wang/archive/2005/06/29/IIS_User_Identity_to_Run_Code_Part_2.aspx
http://blogs.msdn.com/david.wang/archive/2005/09/30/Thoughts_on_IIS_Security_vs_Apache.aspx
http://blogs.msdn.com/david.wang/archive/2005/10/01/Thoughts_on_IIS_Security_vs_Apache_Part_2.aspx

--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//

"Laco" <LSopko@xxxxxxxxxxxxxxxxxxx> wrote in message
news:1141668866.758220.101210@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Hi,

I have an ISAPI which need load other DLL, which load other dlls. If
this dll is in some directory, which is indicated in system PATH
environment variable I obtain every time
access denied error after loadLibrary call. I tryed set IUSR_ ..
account with even full control on dll directory still no way to make it
work. It work only if all necessary dlls are in

..\system32\inetsrv directory (which is work dir for inetinfo.exe)

Any one can advise me how to make it work from my specific directory?

(on win2k with IIS5 it work fine)

Thx.

Follow-Ups:
- Re: IIS6 on Win 2003 server ISAPI loadLibrary security problem
  - From: Laco

References:
- IIS6 on Win 2003 server ISAPI loadLibrary security problem
  - From: Laco

Prev by Date: Re: Strange login issue
Next by Date: Re: About SSL security and IIS 6.0
Previous by thread: IIS6 on Win 2003 server ISAPI loadLibrary security problem
Next by thread: Re: IIS6 on Win 2003 server ISAPI loadLibrary security problem
Index(es):
- Date
- Thread

Relevant Pages

Re: Unpack Files to memory and then run them (exe protector style)
... whatever;you did never provided security, only the illusion of security to ... crack a software-only security system was three days, and he could crack most in less than ... Since DLLs actually require that real files exist in the file system, ... >users of my app are now requiring more protection of their files so I ...
(microsoft.public.vc.mfc)
Re: dll security
... If he tells you that .Net DLLs are not secure, ... > "Kevin Spencer" wrote in message ... >> control over security on their servers. ... the "new" hosting service doesn't want ...
(microsoft.public.dotnet.framework.aspnet)
Re: Locating dlls on remote server.
... You can do that via either the attributes or straight code. ... > accessible as snap-in dlls. ... I've been able to create the user interface, ... > security for CreateInstanceFrom works. ...
(microsoft.public.dotnet.framework)
Re: IIS6 on Win 2003 server ISAPI loadLibrary security problem
... I believe path resolution is documented to be changed on Windows Server 2003 ... it is not a ISAPI fiter. ... other regular dlls for its internal data processing. ... When i call HxIMGServerISAPI.dll, to process my request, it load ...
(microsoft.public.inetserver.iis.security)
keeping ISAPI extension loaded in Web Server cache
... I have 3 ISAPI DLL's that I want to keep loaded always in the web server (to ... the 3 DLLs into the webserver by hitting the appropriate URL ... I know there is a "ScriptUnloadDelay" registry setting under ... Worst case I can just have an executable keep hitting these DLLs through the ...
(microsoft.public.windowsce.embedded)