Re: Privilege-escalation attacks on NT-based Windows are unfixable

From: David Hopwood (david.hopwood@zetnet.co.uk)
Date: 08/22/02


Date: Thu, 22 Aug 2002 05:12:03 +0000
From: David Hopwood <david.hopwood@zetnet.co.uk>


-----BEGIN PGP SIGNED MESSAGE-----

Barry Margolin wrote:
> Alan <a__l__a__n@hotmail.com> wrote:
> >alun@texis.com (Alun Jones) wrote:
> >> I was saying, and you seem to have backed me up, that the problem is in the
> >> application and not in the operating system.
> >
> >You are missing a fundamental point. If I'm writing a program to run
> >on Windows, and if access control is important to my app, I have to
> >trust that EVERY OTHER program running on the box is following the
> >rules.
>
> Or you implement it in a way that prevents those other applications from
> sending fake user input to your application.

You're missing a__l__a__n's point. If any other privileged app doesn't follow
the rules [*], then any other app can elevate itself to those privileges. If
they are high enough, then your app's security is hosed no matter what checks
it does itself.

[*] noting that there is some question about whether it is practical to
    follow them at all.

- --
David Hopwood <david.hopwood@zetnet.co.uk>

Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5 0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip



