RE: Question regarding su.exe

From: exon (exon_at_home.se)
Date: 06/17/03

    Date: Tue, 17 Jun 2003 11:49:22 +0200 (CEST)
    To: focus-ms@securityfocus.com
    
    

    That doesn't really matter. The overflow hazard will still be there,
    allowing execution of code with elevated privileges. This, however, only
    applies to programs that are flawed (many MS products are) in such a way
    that somewhere in them there is erroneous pointer handling, allowing user
    input that is larger than the memory assigned to store it.
    This can easily be checked for and corrected if you have the
    sources to the programs you're installing.

    In simplified terms: A program that can be crashed, can be used to gain
    privileges.

    /Andy

    On 15 Jun 2003, Kevin Saenz wrote:

    > Windows 2000 has the facility of allowing to use the option of
    > run as. Also what you can do in the roll out stage of Windows 2000
    > is nominate applications that require privileged access.
    > As a result not needing su.exe
    >
    >
    > > Is this an NT4 environment?
    > >
    > > Laura
    > >
    > > > -----Original Message-----
    > > > From: Ben Collins [mailto:BenCollins@gateshead.gov.uk]
    > > > Sent: Thursday, June 12, 2003 6:23 AM
    > > > To: 'focus-ms@securityfocus.com'
    > > > Subject: Question regarding su.exe
    > > >
    > > >
    > > > Hello,
    > > >
    > > > We have an external software supplier who has recently
    > > > updated their product. Unfortunately the only way the
    > > > application will now work correctly is if the user has
    > > > Administrative rights. As an organisation we are reluctant to
    > > > give these rights to our users. The suppliers have suggested
    > > > that we use su.exe.
    > > >
    > > > Is the usage of su.exe susceptible to the same kinds of
    > > > problems as running a UNIX application suid? Specifically, if
    > > > the application breaks, will the user be left with elevated
    > > > privileges?
    > > >
    > > > Thanks,
    > > >
    > > > Ben Collins
    > > >
    > --
    > Regards,
    >
    > Kevin Saenz
    >
    > Spinaweb
    > Your one stop shop for I.T solutions.
    >
    > Ph: 02 4620 5130
    > Fax: 02 4625 9243
    > Mobile: 0418455661
    > Web: http://www.spinaweb.com.au
    ------------------------------------------------------------------------------
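
Added example (not part of the original thread and not any poster's code): the kind of source-level check the reply above says can be made when you have the sources, shown in C as a fixed-size field filled from user input, with the unchecked copy beside the corrected one. The struct, function names and buffer size are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define NAME_SIZE 16            /* constructed buffer size for this example */

struct request {
    char name[NAME_SIZE];       /* memory assigned to store the user input */
    int  is_admin;              /* neighbouring state an overflow could reach */
};

/* Flawed pattern: copies until the input's NUL, however long the input is.
 * Input of NAME_SIZE bytes or more writes past name[]. Shown for contrast
 * only; it is never called in this example. */
void set_name_unchecked(struct request *r, const char *input)
{
    strcpy(r->name, input);
}

/* Corrected pattern: find the terminator within the space available and
 * refuse the input if it is not there. Returns 0 on success, -1 on reject;
 * on reject the request is left untouched. */
int set_name_checked(struct request *r, const char *input)
{
    const char *end;

    if (r == NULL || input == NULL)
        return -1;
    end = memchr(input, '\0', NAME_SIZE);   /* looks at NAME_SIZE bytes at most */
    if (end == NULL)                        /* no room for text plus terminator */
        return -1;
    memcpy(r->name, input, (size_t)(end - input) + 1);
    return 0;
}

int main(void)
{
    struct request r = { "", 0 };
    const char *oversize = "AAAAAAAAAAAAAAAAAAAAAAAA";  /* constructed, 24 bytes */

    printf("fits:     %d\n", set_name_checked(&r, "operator"));
    printf("oversize: %d\n", set_name_checked(&r, oversize));
    printf("name=%s is_admin=%d\n", r.name, r.is_admin);
    return 0;
}
```

The length test has to come before the copy and has to account for the terminator: 15 characters fit in the 16-byte field, 16 do not.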

