Re: verifying cmd.exe
- From: "RossettoeCioccolato" <gmgarner@xxxxxxxxxxxxxxxx>
- Date: Fri, 30 Jun 2006 12:16:47 -0400
Laszlo,
> Why do you need to verify cmd.exe? It can run any other executables (and I
> assume that is exactly your goal) but it will NOT be able to verify those
> executables - so anybody can replace them.
Thanks for taking the time to respond. I indeed intend to start other
executables using the command interpreter; however, the other executables
will be burned to read-only media.
A sophisticated attacker could/would simply modify the code after it is
loaded into memory so that the on-disk signature/hash always remains the
same. This is an inherent limitation of code signing/on-disk file verifying
defensive measures. Notwithstanding the trends in sophisticated malware,
there are still a lot of dumb attackers out there; and it makes you look bad
when you get taken by one of them.
Obviously, I can use a hash to "verify" an unsigned executable using its
hash if that is known. However this presents a logistical problem for MS
executables, given the rate at which hotfixes are required and applied (or
not applied) to MS code. :-)
Regards,
George.
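
The trade-off described in the message above, as an added example that is not part of the original post: check the signer first, because a publisher signature survives hotfixes, and fall back to a hash allowlist only for unsigned files. The function name, the publisher string and the allowlist parameter are assumptions, and Windows PowerShell 5.1 or later is assumed.

```powershell
# Added example; Test-ExecutableTrust is a hypothetical helper, not a built-in cmdlet.
function Test-ExecutableTrust {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Allowlist of SHA-256 hashes for unsigned binaries you have vetted yourself.
        # It needs one entry per build, which is the logistical cost the post mentions.
        [string[]] $KnownGoodSha256 = @(),
        # Assumption: substring required in the signer certificate subject.
        [string] $RequiredPublisher = 'O=Microsoft Corporation'
    )

    $sig    = Get-AuthenticodeSignature -FilePath $Path
    $status = [string] $sig.Status

    if ($status -eq 'Valid') {
        # Signature chains to a trusted root and the file matches it.
        # A hotfixed binary passes without any allowlist update.
        if ($sig.SignerCertificate.Subject -like "*$RequiredPublisher*") {
            return 'TrustedBySignature'
        }
        return 'SignedByOtherPublisher'
    }

    if ($status -eq 'NotSigned') {
        # No signature to rely on: only an exact hash match is acceptable.
        $hash = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
        if ($KnownGoodSha256 -contains $hash) { return 'TrustedByHash' }
        return 'UnknownUnsigned'
    }

    # HashMismatch, NotTrusted, UnknownError and so on: refuse to launch.
    return "Rejected:$status"
}

# Both checks cover the file on disk only. As the post notes, code modified
# after it is loaded into memory is outside what they can detect.
$cmd = Join-Path $env:SystemRoot 'System32\cmd.exe'
$verdict = Test-ExecutableTrust -Path $cmd
if ($verdict -notlike 'Trusted*') {
    throw "Refusing to start $cmd ($verdict)"
}
```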