[18014] in bugtraq


Re: Foolproof Security Vulnerability

daemon@ATHENA.MIT.EDU (Seth Arnold)
Mon Dec 11 15:39:30 2000

Mail-Followup-To: BUGTRAQ@SECURITYFOCUS.COM
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Message-Id:  <20001210172416.J3806@willamette.edu>
Date:         Sun, 10 Dec 2000 17:24:16 -0800
Reply-To: Seth Arnold <sarnold@WILLAMETTE.EDU>
From: Seth Arnold <sarnold@WILLAMETTE.EDU>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <Pine.LNX.4.21.0012082108020.14537-100000@poseidon.crosslink.net>; from techno@CROSSLINK.NET on Fri,
              Dec 08, 2000 at 09:39:27PM -0500

* Bryan Hughes <techno@CROSSLINK.NET> [001210 17:07]:
> FoolProof Security is a desktop security application for Windows
> 95/98/ME. Its purpose is to block users from accessing all programs,
> except those which are intended by the administrator. Additionally, it is
> intended to allow the user to only save files to specific locations
> (usually the floppy disk drive). FoolProof Security is usually found in
> computer labs, or on publicly accessible systems.

The entire process Bryan described seems to depend upon FoolProof
Security's method of deciding which applications get to run. Based
entirely on his description of a sample exploit, I understand FoolProof
Security to allow all programs except those not explicitly denied.

I think we all know how this works -- instead of denying certain things,
they should instead be *allowing* only certain things. What would
prevent me from writing a .bat or .com file using notepad? Word? Does
the Run line allow shell-redirection? (eg, "echo <neatassembly> >>
c:\config.sys")


Of course, using anything other than Ghost (which I think is owned by
Symantec now) to secure a windows 95/98/me host is doomed to failure. :)
(And before you reply, check out what Ghost does -- disk image copies.
Not much can survive a new disk image written out. :)

--
``Oh Lord; Ooh you are so big; So absolutely huge; Gosh we're all
really impressed down here, I can tell you.''
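
The default-allow versus default-deny distinction raised in this message, as an added example that is not part of the original post and is not FoolProof's code. The policy entries, paths and file contents are all constructed; the allowlist here matches on normalized path plus a SHA-256 of the file contents, which is one assumed way to implement "allowing only certain things".

```python
import hashlib
import ntpath

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed policy data; none of these entries come from FoolProof itself.
DENIED_NAMES = {"regedit.exe", "command.com", "format.com"}
WORD_IMAGE = b"constructed stand-in for the approved word processor binary"
ALLOWED = {(r"c:\program files\office\winword.exe", sha256(WORD_IMAGE))}

def normalize(path: str) -> str:
    # Windows paths are case-insensitive; collapse "..", "/" and case before comparing.
    return ntpath.normpath(path).lower()

def denylist_permits(path: str) -> bool:
    """Default-allow: run anything whose file name is not on the deny list."""
    return ntpath.basename(normalize(path)) not in DENIED_NAMES

def allowlist_permits(path: str, image: bytes) -> bool:
    """Default-deny: run only a known path whose contents match the approved hash."""
    return (normalize(path), sha256(image)) in ALLOWED

def evaluate(requests):
    """Return [(path, denylist_decision, allowlist_decision)] per launch request."""
    return [(p, denylist_permits(p), allowlist_permits(p, img)) for p, img in requests]

# Constructed launch requests: (path, file contents).
REQUESTS = [
    (r"C:\WINDOWS\REGEDIT.EXE", b"constructed registry editor image"),
    (r"C:\Program Files\Office\WINWORD.EXE", WORD_IMAGE),
    # A batch file typed into a text editor and saved to the floppy drive.
    (r"A:\HELLO.BAT", b"@echo off\r\necho hello\r\n"),
    # Approved path, but the file on disk no longer matches the approved hash.
    (r"C:\Program Files\Office\WINWORD.EXE", b"replaced image"),
]

if __name__ == "__main__":
    for path, deny_ok, allow_ok in evaluate(REQUESTS):
        print(f"{path:40} denylist={'run' if deny_ok else 'block':5} "
              f"allowlist={'run' if allow_ok else 'block'}")
```

The two policies agree on the listed tool and the approved program; they differ on everything the administrator never anticipated, which the deny list runs and the allowlist blocks.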
