لطفا منتظر باشید ...
Sharing Kernel Objects with a Service
There can be situations in which a service and applications share a kernel object. For example, the service might use a named mutex to protect a shared memory region used to communicate with applications. Furthermore, in this example, the file mapping would also be a shared kernel object.There is a difficulty caused by the fact that applications run in a security context separate from that of services, which can run under the system account. Even if no protection is required, it is not adequate to create and/or open the shared kernel objects with a NULL security attribute pointer (see Chapter 15). Instead, a NULL discretionary access control list (see Chapter 15) is required at the very leastthat is, the applications and the service need to use a non-NULL security attribute structure. In general, you may want to secure the objects, and, again, this is the subject of Chapter 15.Also notice that if a service runs under the system account, there can be difficulties in accessing resources on other machines, such as shared files, from within a service.
