Re: Hacking Windows Security Principal
From: Chris Rolon (chris.rolon_at_removethis.neudesic.com)
Date: 01/31/05
- Previous message: B S Wootton: "Re: Adjust .NET Security Levels to Mass of machines"
- In reply to: Rene: "Hacking Windows Security Principal"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 30 Jan 2005 21:09:03 -0800
Even if your worst case scenario were to occur, as soon as your application
tried to access a Windows resource it would fail. For one, the OS will know
that the current user has not been authenticated and a challenge will
result. If the user were authenticated and your next scenario were to occur,
Windows would again catch it because the user does not belong to
"FullControl".
The WindowsPrincipal is an in-memory representation of a user and the roles
that the user is in. This does not mean that the OS will not verify against
its own information.
-- Chris Rolon

"Rene" <nospam@nospam.com> wrote in message news:OvwpZg2AFHA.2676@TK2MSFTNGP12.phx.gbl...
> According to my research, it looks like I can use the Windows Security
> Principal to verify that a user is authenticated or to see if they belong to
> a certain group etc.
>
> The thing that bothers me is that this object resides in the client computer
> memory and everybody knows that this makes this object more vulnerable to
> hacker attacks.
>
> My question is, how difficult would it be for a hacker to go directly to memory
> and flip the IsAuthenticated bit from 0 to 1? Or go directly through memory
> and change a group name from "ZeroControl" to "FullControl"? Once those
> changes are made, the attacker would be able to easily bypass my role-based
> security and I will be... Oh my, I don't even want to think about that.
>
> This is just a silly example but I hope it gets the point across, thank you
> for any information.
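The distinction Chris draws, between what an in-process principal object claims and what the OS enforces from the access token, can be seen directly in code. The following C# program is an added example written for this page; it is not code from either poster. It assumes a .NET runtime on Windows and a hypothetical file path (`ProtectedPath`) whose ACL denies the current user. Instead of patching memory, it builds an ordinary `GenericPrincipal` that simply asserts a "FullControl" role, which is the same end state Rene worries about, and shows that `IsInRole` believes the object while the kernel's ACL check on the file is decided by the token and is unaffected.

```csharp
using System;
using System.IO;
using System.Security.Principal;
using System.Threading;

// Added example (not from the original thread). Demonstrates that
// IPrincipal.IsInRole is an in-process check on an in-memory object,
// whereas file access is authorized by the kernel against the process
// (or impersonated) access token, which no principal object can alter.
class PrincipalVersusToken
{
    // Hypothetical path, assumed to be ACL'd so the current user has no access.
    const string ProtectedPath = @"C:\Protected\secrets.txt";

    // Application-level check: answers only what the principal object claims.
    static bool AppSaysFullControl(IPrincipal principal)
    {
        return principal.IsInRole("FullControl");
    }

    // Resource-level check: the OS compares the caller's token to the file ACL.
    // Returns true only if the token actually grants read access.
    static bool OsGrantsRead(string path)
    {
        try
        {
            using (FileStream fs = File.Open(path, FileMode.Open, FileAccess.Read))
            {
                return true;
            }
        }
        catch (UnauthorizedAccessException)
        {
            // Access denied by the ACL, regardless of any role string in memory.
            return false;
        }
        catch (IOException ex)
        {
            // Path missing in this demo environment; treat as not readable.
            Console.WriteLine("  (demo path unavailable: " + ex.Message + ")");
            return false;
        }
    }

    static void Main()
    {
        // The genuine principal, derived from the logon token the OS issued.
        WindowsIdentity identity = WindowsIdentity.GetCurrent();
        WindowsPrincipal real = new WindowsPrincipal(identity);
        Console.WriteLine("Real principal: IsAuthenticated={0}, Administrator={1}",
            identity.IsAuthenticated,
            real.IsInRole(WindowsBuiltInRole.Administrator));

        // A principal that merely claims the role. Built with public API only;
        // this is what an attacker who "flipped the bits" would end up with.
        GenericPrincipal claimed = new GenericPrincipal(
            new GenericIdentity("someone"), new[] { "FullControl" });
        Thread.CurrentPrincipal = claimed;

        // The application-level role check trusts the object...
        Console.WriteLine("App role check on claimed principal: {0}",
            AppSaysFullControl(Thread.CurrentPrincipal));

        // ...but the OS still decides from the token when a resource is touched.
        Console.WriteLine("OS ACL check on protected file:      {0}",
            OsGrantsRead(ProtectedPath));
    }
}
```

The practical consequence for a design like Rene's is that `IsInRole` is fine for shaping the UI or gating client-side code paths, but any decision that protects a real resource should be made where the OS, or a server the client cannot tamper with, re-evaluates the caller's identity from its own token rather than from a role list the client process holds in memory.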