Re: Fixable

From: Alun Jones (alun@texis.com)
Date: 08/23/02

Next message: Alun Jones: "Re: Privilege-escalation attacks on NT-based Windows are unfixable"
Previous message: Alun Jones: "Re: Privilege-escalation attacks on NT-based Windows are unfixable"
In reply to: Casper H.S. Dik: "Re: Fixable"
Next in thread: Barry Margolin: "Re: Fixable"
Reply: Barry Margolin: "Re: Fixable"
Reply: Bernd Eckenfels: "Re: Fixable"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: alun@texis.com (Alun Jones)
Date: Fri, 23 Aug 2002 16:02:54 GMT

In article <ak57s5$hcp$3@news1.xs4all.nl>, Casper H.S. Dik
<Casper.Dik@Sun.COM> wrote:
>>A better fix, that could be applied by an OS patch, would be to actually alter
>>the default window procedure, and the SetTimer / KillTimer functions, so that
>>a WM_TIMER message with a callback would only be accepted if the callback
>>address matched that passed in through a SetTimer call in the same process
>>space.
>
>Why not filter WM_TIMER messages when they're passed from one security
>context to a more privileged one?

Not much of a reason. But then again, why not prevent WM_TIMER messages from
containing a callback function pointer? SetTimer gives you a timer ID (or
takes one from you) - why have an ability to pass a function pointer to be
given back "later"?

Alun.
~~~~

[Please don't email posters, if a Usenet response is appropriate.]

-- 
Texas Imperial Software   | Try WFTPD, the Windows FTP Server. Find us at
1602 Harvest Moon Place   | http://www.wftpd.com or email alun@texis.com
Cedar Park TX 78613-1419  | VISA/MC accepted.  NT-based sites, be sure to
Fax/Voice +1(512)258-9858 | read details of WFTPD Pro for XP/2000/NT.

Next message: Alun Jones: "Re: Privilege-escalation attacks on NT-based Windows are unfixable"
Previous message: Alun Jones: "Re: Privilege-escalation attacks on NT-based Windows are unfixable"
In reply to: Casper H.S. Dik: "Re: Fixable"
Next in thread: Barry Margolin: "Re: Fixable"
Reply: Barry Margolin: "Re: Fixable"
Reply: Bernd Eckenfels: "Re: Fixable"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Fixable
... >>the default window procedure, and the SetTimer / KillTimer functions, so that ... >>a WM_TIMER message with a callback would only be accepted if the callback ... >>address matched that passed in through a SetTimer call in the same process ... Fax/Voice +1258-9858 | read details of WFTPD Pro for XP/2000/NT. ...
(comp.security.misc)
Re: Fixable
... a WM_TIMER message with a callback would only be accepted if the callback ... address matched that passed in through a SetTimer call in the same process ... Texas Imperial Software | Try WFTPD, the Windows FTP Server. ... Fax/Voice +1258-9858 | read details of WFTPD Pro for XP/2000/NT. ...
(comp.security.misc)
Re: Fixable
... a WM_TIMER message with a callback would only be accepted if the callback ... address matched that passed in through a SetTimer call in the same process ... Texas Imperial Software | Try WFTPD, the Windows FTP Server. ... Fax/Voice +1258-9858 | read details of WFTPD Pro for XP/2000/NT. ...
(comp.os.ms-windows.nt.admin.security)
Re: SetTimer() & callback handler
... SetTimer was written way back when the Windows World was young, and C++ hadn't yet swept the world ... What criterion should be used to associate a timer callback with a MomPC instance? ... when the handler runs btn_timer ...
(microsoft.public.vc.language)
Yet another timers-and-threads question
... SetTimer with callback function is not generally useful, ... I can hook into an existing window somewhere and get it to process ... WM_TIMER, or I can set up a separate thread to do a waitable timer and the ...
(microsoft.public.vc.mfc)