[9347] in bugtraq


Re: NT4 Locking (Was: ole objects in a "secured" environment?)

daemon@ATHENA.MIT.EDU (The Attitude Adjuster)
Thu Feb 4 15:16:12 1999

Date: 	Sun, 17 Jan 1999 18:14:31 -0500
Reply-To: The Attitude Adjuster <adjuster@BRIGHT.NET>
From: The Attitude Adjuster <adjuster@BRIGHT.NET>
X-To:         Bronislaw Kozicki <bronek@wpi.com.pl>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <01BE4F64.A188E5E0@OSOWA.poland.wpi>

On Wed, 3 Feb 1999, Bronislaw Kozicki wrote:

> 2) super-privileged GINA that can be any DLL you put in registry. User
> (or hacker) can make own GINA and try to register it (a) writing to
> registry or (b) replacing file MSGINA.DLL. By default ordinary user
> cannot do that, but ...

 It's worth noting that a sample GINA which makes calls down to the
Microsoft GINA is available as source on the platform SDK in MSDN. (I just
recently wrote a GINA to do a custom touch-screen based authentication)
 The key where the GINA is registered is secured, but if MSGINA.DLL is
living on a FAT partition, it would be trivial to replace it w/ another
GINA which calls back to MSGINA (albeit renamed, of course).
 Off the top of my head, I cannot tell you the default NTFS permission on
MSGINA.DLL, but my _HOPE_ would be that it is set securely (I'll have to
check when I get back to an NT box).

 Indeed, a GINA which collects passwords would be fairly trivial to
implement-- calling back down to Microsoft's MSGINA w/ stub functions.
GINA is also a neat place to implement things like "logoff scripts" and
disallowing the use of "locked" screensavers, too.
  __ __ __
  / /-//-/  The Attitude Adjuster    http://www.bright.net/~catsuit
         ...so terribly unfashionable media productions...
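
A defender-side audit of the two conditions discussed in this message (whether the GINA DLL sits on a volume with no file ACLs, and whether the DLL or the registry key that names it is writable by non-administrators), as an added example that is not part of the original post. It assumes PowerShell is available on the GINA-era host and reads the documented Winlogon `GinaDLL` value; the function name and the list of trusted SIDs are assumptions to adjust per site.

```powershell
# Added example, not from the original post: audit how replaceable the GINA
# loaded by Winlogon is. Assumes a GINA-era Windows host with PowerShell.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

# Assumption: only these principals should hold write access.
$trustedSids = @(
    'S-1-5-18'       # NT AUTHORITY\SYSTEM
    'S-1-5-32-544'   # BUILTIN\Administrators
)
$inheritOnly = [int][Security.AccessControl.PropagationFlags]::InheritOnly

# Hypothetical helper: list Allow ACEs that give write-type rights on $Path
# to any principal outside $trustedSids.
function Get-UntrustedWriter($Path, $RightsProperty, $WriteMask) {
    foreach ($rule in (Get-Acl -Path $Path).Access) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        # Inherit-only ACEs apply to children, not to the object itself.
        if ([int]$rule.PropagationFlags -band $inheritOnly) { continue }
        if (([int]$rule.$RightsProperty -band [int]$WriteMask) -eq 0) { continue }
        $sid = $rule.IdentityReference.Translate(
            [Security.Principal.SecurityIdentifier]).Value
        if ($trustedSids -notcontains $sid) {
            "FINDING: {0}: {1} has {2}" -f $Path, $rule.IdentityReference,
                $rule.$RightsProperty
        }
    }
}

# Which GINA is configured? No GinaDLL value means the default MSGINA.DLL.
$gina = (Get-ItemProperty -Path $winlogon).GinaDLL
if (-not $gina) { $gina = 'msgina.dll' }
if (-not [IO.Path]::IsPathRooted($gina)) {
    $gina = Join-Path (Join-Path $env:SystemRoot 'System32') $gina
}
"Winlogon loads: $gina"

# The registry key that names the GINA must not be writable by ordinary users.
$regMask = [Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
Get-UntrustedWriter $winlogon 'RegistryRights' $regMask

# FAT carries no ACLs, so file permissions cannot protect the DLL there.
$fs = (New-Object IO.DriveInfo ([IO.Path]::GetPathRoot($gina))).DriveFormat
if ($fs -ne 'NTFS') {
    "FINDING: $gina is on a $fs volume, where file ACLs do not exist"
} else {
    $fileMask = [Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
    Get-UntrustedWriter $gina 'FileSystemRights' $fileMask
}
```

If the only output is the "Winlogon loads" line, neither condition was found for that DLL and key.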
