Re: Access Token with conflicting SIDs



Let's use this registry key as an example of what I'm working with:
HKLM\SYSTEM\CurrentControlSet\Enum\IDE\<CdRom_subkey>
(this is where the Sony root kit makes its "LowerFilters" entry)

In this case, I'm dealing with a key that already exists so I'm not the
one who set up the security on the reg keys. I'm just trying to modify
values in them. For some keys I may want to actually delete the entire
key.

Are you suggesting that I change the DACL in the IDE or Enum registry
keys when you say "at a higher level"? I see that the CdRom_subkey
inherits its permissions from IDE, which inherits from Enum. Enum
does not inherit from CurrentControlSet. I'm afraid I don't understand
what changes you are suggesting I make to those higher keys that will
keep their security intact.

I agree that I don't want to be changing an object's security
permissions on the fly. That is why I'm looking for a solution that
doesn't require modifying any DACLs. I don't understand why processes
created in an admin account are created with an access token that has
the Everyone SID in it, which then hinders the way the process interacts
with securable objects... there's got to be a better way to work with
secured objects than lowering their security, I hope?!

Thanks, again!
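The following is an added example for readers of this thread, not code posted by anyone in it. It shows the three things the post is reasoning about on a single machine: which SIDs the current process token actually carries (the user SID plus group SIDs such as Everyone), where in the chain from the CdRom subkey up to the hive root inheritance is blocked, and which ACEs on the key match a SID in the token, listed Deny first because that is the order in which the access check evaluates a canonical DACL. `$KeyPath` is a placeholder; it must be replaced with a real subkey, and the script only needs READ_CONTROL on the keys, not write access.

```powershell
# Added example (not from the original thread). Requires Windows PowerShell
# and read access to the registry keys. $KeyPath is a placeholder: substitute
# the actual CdRom subkey name from your own machine.
$KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Enum\IDE\<CdRom_subkey>'

# 1. SIDs carried by the current process token (user SID plus group SIDs).
#    Everyone (S-1-1-0) appears here for admin and non-admin processes alike.
$id = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$tokenSids = @($id.User) + @($id.Groups)
Write-Host "Token for $($id.Name):"
foreach ($sid in $tokenSids) {
    try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $name = '(unresolved)' }
    Write-Host ('  {0,-48} {1}' -f $sid.Value, $name)
}

# 2. Walk from the key up to the hive root. A key whose DACL is "protected"
#    is where inheritance from its parent stops (Enum, in the post's case).
Write-Host "`nInheritance chain:"
$path = $KeyPath
while ($path -and $path -ne 'HKLM:\') {
    $acl   = Get-Acl -Path $path
    $state = if ($acl.AreAccessRulesProtected) { 'does NOT inherit from parent' }
             else                              { 'inherits from parent' }
    Write-Host "  $path : $state"
    $path = Split-Path -Path $path -Parent
}

# 3. ACEs on the key whose trustee SID is present in this token. Deny ACEs are
#    shown first: a Deny for Everyone matches the token before any Allow for
#    Administrators is considered, which is how an admin process can be blocked.
$acl = Get-Acl -Path $KeyPath
$matching = foreach ($ace in $acl.Access) {
    $aceSid = try   { $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value }
              catch { $null }
    if ($aceSid -and $tokenSids.Value -contains $aceSid) { $ace }
}
Write-Host "`nACEs on $KeyPath that apply to this token (Deny first):"
$matching | Sort-Object { $_.AccessControlType -ne 'Deny' } |
    Format-Table AccessControlType, IdentityReference, RegistryRights, IsInherited -AutoSize
```

Comparing the third listing against the first makes it clear whether a Deny ACE for a broad group in the token, rather than a missing Allow for the admin account, is what stops the write or delete.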
