New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
x/sys/windows: get Windows services status without all access permissions #48777
Comments
CC @bufflig |
I chose We could have pass dwDesiredAccess parameter to Connect and OpenService, but then everyone would have to pass I am not keen on adding new APIs similar to Connect and OpenService but with extra dwDesiredAccess parameter either. The API in that package is already big enough. Can you just clone and change the code? Thank you. Alex |
Short of shelling out and running Thanks! |
Yes, you can copy whatever code you need out of golang.org/x/sys/windows/svc/mgr package (and replace SERVICE_ALL_ACCESS with whatever const works for your case). You say https://pkg.go.dev/golang.org/x/sys@v0.0.0-20211004093028-2c5d950f24ef/windows/svc/mgr#Service.Query and then remove all the code you don't need. Alternatively you can just keep whole golang.org/x/sys/windows/svc/mgr package and just replace SERVICE_ALL_ACCESS with whatever value you like. Perhaps I don't understand your question. If so, then try again. Alex |
Ah thanks for detailing that, let me talk it over with the team. I will go ahead and close this as it does not sound like this would happen upstream. Thanks again! |
What version of Go are you using (
go version
)?Does this issue reproduce with the latest release?
Yes
What operating system and processor architecture are you using (
go env
)?go env
OutputWhat did you do?
By default, the Connect and OpenService calls will both attempt to run with the
SERVICE_ALL_ACCESS
option. This is, as the name implies, elevated permissions.What did you expect to see?
It would be preferable if the permission level could optionally be set by the user to something like
GENERIC_READ
. For example, if the user only wants to get the state of services and not stop/start them, then limiting the user to the lowest level of permissions required would be preferred.What did you see instead?
Any action requires the use of the
SERVICE_ALL_ACCESS
permission level.The text was updated successfully, but these errors were encountered: