Re: Privilege-escalation attacks on NT-based Windows are unfixable

Date: 08/23/02

Date: Thu, 22 Aug 2002 23:06:27 +0100

On Thu, 22 Aug 2002 21:09:56 +0100, Barry Margolin wrote:

> In article <>, Sam
> Simpson <> wrote:
>>But in other environments (such as Citrix or Terminal Server "Windows
>>Mainframe") the effect of a supposedly normal-rights user elevating to
>>Local Admin rights could well affect 200 odd concurrent users.
>>Keeping mind that there are literally 10's or 100's of millions of TS
>>users, this is a big problem IMHO.
> That's a whole other problem: they turned a single-user OS into a
> multi-user timesharing system. There are many fundamental design
> decisions that must be made depending on this aspect of an OS, and you
> can't simply morph one into the other.

Well, add that to the list of MS SecEng crimes then ;)

> single-user facade on top of Unix, a multi-user OS. I don't know all
> the details of how they've done this, but I suspect there are zillions
> of setuid-root programs that allow ordinary users to perform
> administrative tasks without having to logout and login, or sudo is
> configured to allow all these things (I see lots of mentions of sudo in
> the comp.sys.mac.system newsgroup, so I think it's probably the latter).
> In both cases, I think security problems are likely. You're trying to
> put one leg in the single-user world, the other leg in the multi-user
> world, but the chasm is too wide and you fall to your death.

Right. So why not follow a nice tried and trusted method that has stood
the test of time....Unix + X?


Sam Simpson