Re: Privilege-escalation attacks on NT-based Windows are unfixable

From: david20@alpha2.mdx.ac.uk
Date: 08/23/02


From: david20@alpha2.mdx.ac.uk
Date: Fri, 23 Aug 2002 15:28:19 +0000 (UTC)

In article <ak5713$hcp$1@news1.xs4all.nl>, Casper H.S. *** <Casper.***@Sun.COM> writes:
>david20@alpha1.mdx.ac.uk writes:
>
>>Is Microsoft trying to get any Common criteria security classifications for
>>Windows - because this has certainly blown a hole in any claims for C2 level
>>security with or without network connectivity.
>
>Security evaluations typically are limited to certain hardware and
>software setups.
>
>I.e., by excluding privileged software susceptible to WM_TIMER, you can still
>get evaluated.
>
>You can run an evaluated OS platform, but you cannot install anything on it
>as that invalidates the evaluation.
>

The evaluation includes looking at protocols and APIs for obvious security
failings.

From the Orange Book documentation on C2 security
(http://www.radium.ncsc.mail/tpep/library/rainbow/5200.28-STD#HDR2.2.3)

"
2.2.3.2.1 Security Testing

      The security mechanisms of the ADP system shall be tested and found to
      work as claimed in the system documentation. Testing shall be done to
      assure that there are no obvious ways for an unauthorized user to bypass
      or otherwise defeat the security mechanisms of the TCB. Testing shall
      also include a search for obvious flaws that would allow violation of
      resource isolation, or that would permit unauthorized access to the audit
      or authentication data. (See the Security Testing guidelines)

"

The argument that the flaw is documented and it is up to the application writer
to be aware of this and take action in his programs does not wash.
Imagine an OS where it is documented that by compiling and linking an
application it was automatically given full privileges unless the application
developer made a call in his program that turned all privileges off.
That system could not be called secure and given a C2 security classification
even if all the programs running on the system as it was being evaluated had
been written to make that call.

David Webb
VMS and Unix team leader
CCSS
Middlesex University

>Casper
>--
>Expressed in this posting are my opinions. They are in no way related
>to opinions held by my employer, Sun Microsystems.
>Statements on Sun products included here are not gospel and may
>be fiction rather than truth.

