Re: Privilege-escalation attacks on NT-based Windows are unfixable

From: David Hopwood (david.hopwood@zetnet.co.uk)
Date: 08/22/02


Date: Thu, 22 Aug 2002 05:12:03 +0000
From: David Hopwood <david.hopwood@zetnet.co.uk>


-----BEGIN PGP SIGNED MESSAGE-----

Barry Margolin wrote:
> Alan <a__l__a__n@hotmail.com> wrote:
> >alun@texis.com (Alun Jones) wrote:
> >> I was saying, and you seem to have backed me up, that the problem is in the
> >> application and not in the operating system.
> >
> >You are missing a fundamental point. If I'm writing a program to run
> >on Windows, and if access control is important to my app, I have to
> >trust that EVERY OTHER program running on the box is following the
> >rules.
>
> Or you implement it in a way that prevents those other applications from
> sending fake user input to your application.

You're missing a__l__a__n's point. If any other privileged app doesn't follow
the rules [*], then any other app can elevate itself to those privileges. If
they are high enough, then your app's security is hosed no matter what checks
it does itself.

[*] noting that there is some question about whether it is practical to
    follow them at all.

- --
David Hopwood <david.hopwood@zetnet.co.uk>

Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5 0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip
