Description
In src/Servy.Core/Services/ServiceManager.cs, SCM and service handles are opened with maximum permissions:
Lines 303 and 542:
IntPtr scmHandle = _windowsServiceApi.OpenSCManager(null!, null!, SC_MANAGER_ALL_ACCESS);
Requests SC_MANAGER_ALL_ACCESS (0xF003F) including SC_MANAGER_LOCK, SC_MANAGER_MODIFY_BOOT_CONFIG, etc. Install only needs SC_MANAGER_CREATE_SERVICE; other operations only need SC_MANAGER_CONNECT.
Line 548:
IntPtr serviceHandle = _windowsServiceApi.OpenService(scmHandle, serviceName, SERVICE_ALL_ACCESS);
Uninstall only needs SERVICE_STOP | SERVICE_QUERY_STATUS | SERVICE_CHANGE_CONFIG | DELETE.
Severity
Info — violates principle of least privilege (CWE-272). Windows enforces actual permissions at the operation level, but over-requesting widens the attack surface if handles are leaked and produces less specific error messages.
Suggested fix
Use minimum required permissions per operation:
// Install
OpenSCManager(null, null, SC_MANAGER_CREATE_SERVICE)
// Uninstall
OpenService(scmHandle, name, SERVICE_STOP | SERVICE_QUERY_STATUS | SERVICE_CHANGE_CONFIG | DELETE)
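A self-contained sketch of the suggested fix for the uninstall path, added here as an example and not taken from Servy's code base. The class, constant and method names (`LeastPrivilegeScm`, `ScmForInstall`, `WithServiceForUninstall`) are hypothetical; the access-right values are the ones defined in the Windows SDK headers, and the masks are the ones proposed above.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;

// Added example: hypothetical names, direct P/Invoke instead of Servy's wrapper.
static class LeastPrivilegeScm
{
    // Access rights from winsvc.h / winnt.h.
    const uint SC_MANAGER_CONNECT        = 0x0001;
    const uint SC_MANAGER_CREATE_SERVICE = 0x0002;
    const uint SERVICE_CHANGE_CONFIG     = 0x0002;
    const uint SERVICE_QUERY_STATUS      = 0x0004;
    const uint SERVICE_STOP              = 0x0020;
    const uint DELETE                    = 0x00010000;

    // Per-operation masks as proposed in the issue, instead of *_ALL_ACCESS.
    public const uint ScmForInstall = SC_MANAGER_CONNECT | SC_MANAGER_CREATE_SERVICE;
    public const uint ScmForOther   = SC_MANAGER_CONNECT;
    public const uint ServiceForUninstall =
        SERVICE_STOP | SERVICE_QUERY_STATUS | SERVICE_CHANGE_CONFIG | DELETE;

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern IntPtr OpenSCManager(string? machineName, string? databaseName, uint desiredAccess);

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern IntPtr OpenService(IntPtr scm, string serviceName, uint desiredAccess);

    [DllImport("advapi32.dll", SetLastError = true)]
    [return: MarshalAs(UnmanagedType.Bool)]
    static extern bool CloseServiceHandle(IntPtr handle);

    // Opens the service with only the uninstall rights, passes the handle to
    // 'body', and closes both handles on every path so none can leak.
    public static void WithServiceForUninstall(string serviceName, Action<IntPtr> body)
    {
        IntPtr scm = OpenSCManager(null, null, ScmForOther);
        if (scm == IntPtr.Zero) throw new Win32Exception(Marshal.GetLastWin32Error());
        try
        {
            IntPtr svc = OpenService(scm, serviceName, ServiceForUninstall);
            if (svc == IntPtr.Zero) throw new Win32Exception(Marshal.GetLastWin32Error());
            try { body(svc); }
            finally { CloseServiceHandle(svc); }
        }
        finally { CloseServiceHandle(scm); }
    }
}
```

With narrow masks, a caller that lacks one of the requested rights fails at `OpenService` with an access-denied error tied to that specific open, rather than at a later operation on an over-privileged handle.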