Re: Privilege-escalation attacks on NT-based Windows are unfixable

From:
Date: 08/23/02


Date: Thu, 22 Aug 2002 23:06:27 +0100

On Thu, 22 Aug 2002 21:09:56 +0100, Barry Margolin wrote:

> In article <pan.2002.08.22.19.07.38.77231.1730@samsimpson.com>, Sam
> Simpson <sam@samsimpson.com> wrote:
>>But in other environments (such as Citrix or Terminal Server "Windows
>>Mainframe") the effect of a supposedly normal-rights user elevating to
>>Local Admin rights could well affect 200 odd concurrent users.
>>
>>Keeping mind that there are literally 10's or 100's of millions of TS
>>users, this is a big problem IMHO.
>
> That's a whole other problem: they turned a single-user OS into a
> multi-user timesharing system. There are many fundamental design
> decisions that must be made depending on this aspect of an OS, and you
> can't simply morph one into the other.

Well, add that to the list of MS SecEng crimes then ;)

> single-user facade on top of Unix, a multi-user OS. I don't know all
> the details of how they've done this, but I suspect there are zillions
> of setuid-root programs that allow ordinary users to perform
> administrative tasks without having to logout and login, or sudo is
> configured to allow all these things (I see lots of mentions of sudo in
> the comp.sys.mac.system newsgroup, so I think it's probably the latter).
>
> In both cases, I think security problems are likely. You're trying to
> put one leg in the single-user world, the other leg in the multi-user
> world, but the chasm is too wide and you fall to your death.

Right. So why not follow a nice tried and trusted method that has stood
the test of time....Unix + X?

-- 
Regards,

Sam Simpson http://www.samsimpson.com/