[13556] in bugtraq
Re: Windows 2000 Run As... Feature
daemon@ATHENA.MIT.EDU (Camillo =?iso-8859-1?Q?S=E4rs?=)
Tue Jan 25 14:14:28 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Message-Id: <388D5388.B4D6A594@F-Secure.com>
Date: Tue, 25 Jan 2000 09:40:56 +0200
Reply-To: Camillo =?iso-8859-1?Q?S=E4rs?= <Camillo.Sars@F-SECURE.COM>
From: Camillo =?iso-8859-1?Q?S=E4rs?= <Camillo.Sars@F-SECURE.COM>
X-To: "jdglaser@ntobjectives.com" <jdglaser@ntobjectives.com>
To: BUGTRAQ@SECURITYFOCUS.COM
jdglaser wrote:
> I'd like to add that MS Secure Attention Sequence is not exactly so
> trusted. Nothing prevents another Gina from being put into play, nor
> prevents process code injection - DLL API hooking.
This requires Administrator privileges, or the ability to act under the
SYSTEM account. With such privileges, anything is possible. I wouldn't
agree that this is a problem.
The SAS is a guaranteed way of passing control to a SYSTEM process.
Provided, of course, that your system has not been compromised, and that
any other SAS implementations do not utilize non-privileged code.
Regards,
Camillo
--
Camillo Sdrs <Camillo.Sars@F-Secure.com> http://www.iki.fi/ged/
Researcher, Crypto Research http://www.F-Secure.com/
F-Secure Corporation (formerly Data Fellows Corporation)
F-Secure products: Integrated Solutions for Enterprise Security
