Re: Bypassing Personal Firewalls

From: Torbjörn Hovmark (torbjorn.hovmark@abtrusion.com)
Date: 02/23/03

Next message: Simen Bergo: "Mambo SiteServer exploit gains administrative privileges"

Previous message: alias@securityfocus.com: "Re[2]: PHPNuke SQL Injection / General SQL Injection"
Maybe in reply to: xenophi1e: "Bypassing Personal Firewalls"
Next in thread: Zow: "Re: Bypassing Personal Firewalls"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: Torbjörn Hovmark <torbjorn.hovmark@abtrusion.com>
To: <bugtraq@securityfocus.com>
Date: Sun, 23 Feb 2003 11:05:37 +0100

Oliver,

> Yes. Before we go prompting users ever time someone calls
> CreateFile, though, there are much simpler measures. One of them would
make
> OpenProcess require a priviledge of some sort (see below).

Restricting OpenProcess won't help much. For example, CreateProcess will
return a handle with full access. Actually, the Windows NT code to start a
process utilizes this fact to write to the new process' memory space
(although using native calls rather than Win32). Essentially, once someone
can execute arbitrary code on your system you're toast. There are just too
many holes in Windows for it to be feasible to plug them all. The focus
ought to be on preventing the code execution in the first place, not on
trying to contain it.

Best regards,
Torbjörn Hovmark

______________________________________
Abtrusion Security AB
- next generation intrusion protection
http://www.abtrusion.com

Next message: Simen Bergo: "Mambo SiteServer exploit gains administrative privileges"
Previous message: alias@securityfocus.com: "Re[2]: PHPNuke SQL Injection / General SQL Injection"
Maybe in reply to: xenophi1e: "Bypassing Personal Firewalls"
Next in thread: Zow: "Re: Bypassing Personal Firewalls"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]