Bugtraq mailing list archives
RE: White paper: Exploiting the Win32 API.
From: "Kenn Humborg" <kenn () bluetree ie>
Date: Wed, 7 Aug 2002 18:18:15 +0100
So let me get this straight. Allowing unprivileged processes to send control messages to privileged processes is not a flaw in the Win32 API because there is a mechanism for applications to protect themselves from this type of attack (alternate Windows Stations/Desktops). But the mechanism effectively prevents the privileged processes from providing a GUI because the user won't be able to actually see the alternate Windows Stations/Desktops without some kind of Station switching tool, and/or extra training in how to do this. So, the result is that no applications actually use this mechanism. What part of "this is broken" doesn't make sense?
Well, there is a Right Way of controlling privileged processes from the user's desktop. Simply banging a window up on the desktop is not the Right Way. There should be a separate UI/management tool which runs under the user's credentials on his desktop and uses some IPC mechanism to control the privileged process (RPC, DCOM, named pipes, tcp sockets, whatever). This IPC interface is the security boundary. To make an analogy in the Unix world, it would be like a daemon running as root opening an xterm on the user's desktop to manage it. Nobody would say "X is broken" in this case - I think we'd all agree that the app is broken.

Later,
Kenn
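
The following sketch is an added example, not part of the original post. It illustrates the design described above on the Unix side of the analogy: a privileged service that exposes only a narrow, validated command channel to a user-side tool. The verbs, the `spooler` target, the operator policy and all function names are assumptions made for illustration; the peer check uses Linux `SO_PEERCRED`.

```python
import re
import socket
import struct

MAX_REQUEST = 256                        # hard cap on bytes accepted per request
SERVICE_NAME = re.compile(r"[a-z0-9_-]{1,32}")
# Hypothetical policy: verb -> True if it requires an operator uid.
VERBS = {"status": False, "restart": True}
OPERATOR_UIDS = {0}                      # constructed sample policy

def handle_request(raw: bytes, peer_uid: int) -> str:
    """Privileged side: every byte from the user-side tool is untrusted."""
    if len(raw) > MAX_REQUEST or not raw.endswith(b"\n"):
        return "ERR malformed"
    try:
        parts = raw[:-1].decode("ascii").split(" ")
    except UnicodeDecodeError:
        return "ERR malformed"
    if len(parts) != 2 or parts[0] not in VERBS:
        return "ERR unknown-command"
    verb, target = parts
    if not SERVICE_NAME.fullmatch(target):
        return "ERR bad-target"
    if VERBS[verb] and peer_uid not in OPERATOR_UIDS:
        return "ERR denied"
    # Only at this point would the service act, using its own privileges.
    return f"OK {verb} {target}"

def get_peer_uid(conn: socket.socket) -> int:
    """Kernel-reported uid of the connecting process (Linux SO_PEERCRED)."""
    size = struct.calcsize("3i")         # struct ucred: pid, uid, gid
    creds = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, size)
    return struct.unpack("3i", creds)[1]

def serve_one(conn: socket.socket) -> None:
    """Read one request, decide, and answer with a single status line."""
    raw = conn.recv(MAX_REQUEST + 1)     # one extra byte exposes oversize input
    conn.sendall(handle_request(raw, get_peer_uid(conn)).encode() + b"\n")

def demo() -> str:
    """User-side tool and service joined by a Unix socket pair in one process."""
    ui, svc = socket.socketpair()
    with ui, svc:
        ui.sendall(b"status spooler\n")  # constructed sample request
        serve_one(svc)
        return ui.recv(64).decode().strip()
```

The service never takes the client's word for who it is: the uid comes from the kernel, and the only inputs that reach privileged code are a verb from a fixed table and a target that matches a strict pattern.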