[26851] in bugtraq


RE: White paper: Exploiting the Win32 API.

daemon@ATHENA.MIT.EDU (Drew)
Wed Aug 28 13:53:12 2002

From: "Drew" <dcopley@eeye.com>
To: "Rothe, Greg (G.A.)" <grothe@ford.com>,
        "'Paul Starzetz'" <paul@starzetz.de>,
        "Andrey Kolishak" <andr@sandy.ru>, <bugtraq@securityfocus.com>
Date: Wed, 28 Aug 2002 10:25:08 -0700
Message-ID: <PBEIJHCBOBAALDOHPLEBCEPICDAA.dcopley@eeye.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
In-Reply-To: <2BC424494849D411812B00D0B74D6CE80FE8BC04@na1fcm21.dearborn.ford.com>



> -----Original Message-----
> From: Rothe, Greg (G.A.) [mailto:grothe@ford.com]
> Sent: Tuesday, August 27, 2002 10:00 AM
> To: 'Paul Starzetz'; Andrey Kolishak; bugtraq@securityfocus.com
> Subject: RE: White paper: Exploiting the Win32 API.
> 
> 
> All of this brings up a couple of questions for me: 
> 
> 1.
> As I understand it, all this can be avoided by applying the 
> simple, longtime standard maxim of "trust no input," correct? (If 
> correct, this leads me to murmur rhetorically "Have today's 
> developers no discipline?")
> 
> 2.
> If the above is incorrect, 

The above is NOT correct as several posters have already shown.

Any time a developer has an application running as system, which
is a rare need, they must realize the security ramifications of
what they are doing (that is, if a flaw is found in their software,
it will elevate the privileges of the user).

http://www.atstake.com/research/advisories/2000/a090700-1.txt

This is a well known need, even if this type of attack - and therefore
prevention - is not well known.


> and system messages such as event 
> notifications (onClick, etc.) can be compromised, then developers 
> using tools such as Visual Basic are essentially helpless to 
> harden their applications. Other than going back to writing in 
> assembly, what is the modern developer to do?
>

You generally will have very few types of applications on
your system which need to run *as* system and can receive
messages (most that I can think of are actually security
apps that are designed to restrict unprivileged users -- but
maybe I am biased). While you can exploit other applications
not running in a higher privilege space in this manner, this
gains you nothing which you cannot do by just running a
binary as that user.


> 
> We have here an exclusive or: Which is it - 1 or 2 or neither?
> 
> Thanks,
> 
> -Greg
<snip> 
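
The configuration Drew singles out above, a process running as system whose windows sit on the interactive desktop where any logged-on user can send it messages, is something you can audit for. The script below is an added example; it is not code from this thread, from the white paper, or from eEye. It assumes the classic case (a Win32 service marked SERVICE_INTERACTIVE_PROCESS, Type bit 0x100 in its registry key, running as LocalSystem) and must be run in an elevated PowerShell session. Column names in the output object are my own choice.

```powershell
# Added example (not from the original post): list Win32 services that run as
# LocalSystem AND carry SERVICE_INTERACTIVE_PROCESS (Type bit 0x100), i.e. a
# SYSTEM process with a window on the interactive desktop that any user can
# SendMessage/PostMessage to. Run elevated.

$SERVICE_INTERACTIVE_PROCESS = 0x100
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# On Vista and later, services live in session 0; when this value is 1 the OS
# refuses to start interactive services at all, which tells you how much the
# rest of the report matters on this host.
$noInteractive = (Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Windows' `
                    -Name NoInteractiveServices -ErrorAction SilentlyContinue).NoInteractiveServices
"NoInteractiveServices = $noInteractive (1 means interactive services are blocked)"

$findings = Get-ChildItem -Path $servicesKey | ForEach-Object {
    $cfg = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
    if ($null -eq $cfg -or $null -eq $cfg.Type) { return }   # not a service entry

    $type = [int]$cfg.Type
    if (($type -band $SERVICE_INTERACTIVE_PROCESS) -eq 0) { return }   # no desktop access

    # A Win32 service with no ObjectName value runs as LocalSystem.
    $account = if ($cfg.ObjectName) { $cfg.ObjectName } else { 'LocalSystem' }
    if ($account -ne 'LocalSystem') { return }

    # Runtime view (state, PID) from the service control manager.
    $rt = Get-CimInstance -ClassName Win32_Service -Filter "Name='$($_.PSChildName)'" `
            -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Name      = $_.PSChildName
        Account   = $account
        Type      = ('0x{0:X}' -f $type)
        State     = if ($rt) { $rt.State } else { 'unknown' }
        ProcessId = if ($rt) { $rt.ProcessId } else { $null }
        ImagePath = $cfg.ImagePath
    }
}

if ($findings) {
    $findings | Sort-Object State, Name | Format-Table -AutoSize
} else {
    'No LocalSystem services are marked SERVICE_INTERACTIVE_PROCESS.'
}
```

Anything this script lists is exactly the class of software Drew says must be written with the privilege boundary in mind: a window procedure in such a process is reachable by every user on the machine, so every message it handles is untrusted input from a lower-privileged caller. The check is deliberately narrow; a GUI program that someone launched as SYSTEM by other means is not a service and will not appear here.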
