Can I run a service executable from a network location?

Raymond Chen

Raymond

A customer liaison wanted to know whether it is possible to run a service executable from a network location. The customer was doing so and running into problems, and they wanted to know whether it is a legal scenario.

Running a service from a network location is a bad idea. If the computer lose network connectivity momentarily, the service may die with STATUS_IN_PAGE_ERROR. (You can try to mitigiate this with /SWAPRUN:NET.) Plus there is a security issue here, because your computer is now trusting code that is coming from another computer. If somebody attacks your network and masquerades as the other computer, they can inject code into your computer with system privileges. If that other computer becomes compromised, then the attacker can inject code onto any computer that is running a service from the compromised computer.

But even though it’s a bad idea, it is nevertheless technically legal, in the same way that it is technically legal to use strcpy or to park your car and leave the windows open and the key on the front seat.

But if you run into problems, all everybody is going to tell you is, “Don’t do that.”

(The MSDN documentation advises against putting the service executable on another computer, which is already a step up from the traditional MSDN approach of merely providing facts and leaving you to develop your own guidance. But it can’t bring itself to say that doing so is a bad idea; it merely says that “It is best to use a local file.”)

0 comments

Comments are closed. Login to edit/delete your existing comments