Re: [Full-disclosure] DLL hijacking with Autorun on a USB drive



On Thu, 26 Aug 2010, Dan Kaminsky wrote:

The question is whether they're supposed to execute code in this
particular context.

I think the question ought to be: what authority and privileges shall be
granted to the code when it is executed?

--
Pavel Kankovsky aka Peak / Jeremiah 9:21 \
"For death is come up into our MS Windows(tm)..." \ 21st century edition /

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



Relevant Pages

  • this ?
    ... THE AUTHORITY IN EVERY CONTEXT IN WHICH I FIND MYSELF ... IN- IF I DESIRE TO BE IN ACOUNT WITH GOD, ... back now but as a Christian. ...
    (soc.religion.quaker)
  • Re: How effective is a router as a firewall?
    ... > machine to attacks that can utilize your elevated security context. ... this from to be secure - I control the firewall, the IDS, the Anti-Virus ... > privileges only when you need to. ... even spell Administrator let alone know what to do about privileges. ...
    (comp.security.firewalls)
  • Re: Authorities
    ... > One trouble with dictionaries is that they don't adequately show context - ... > Authority has scope, ... One of the reasons Chuck was offended by my original post is because he ... believed I was stating matters of opinion as matters of fact. ...
    (comp.lang.cobol)
  • Re: What, exactly, is Apples iPod business model?
    ... What was the "context"? ... Talking about arguments by authority, ... what's "honest to goodness thinking" in a complete vacuum? ... the logical fallacy is not in referencing authority per se, ...
    (comp.sys.mac.apps)
  • Re: [Full-disclosure] TTY handling when executing code in lower-privileged context (su, virt
    ... that a program started from interactive shell can ... to another context without closing the TTY file descriptors. ... execution outside container while 'lxc-console' was not. ... shell may allow the untrusted user to escalate privileges to the user ...
    (Full-Disclosure)