Dailydave mailing list archives

Re: Bugs bugs bugs


From: Joanna Rutkowska <joanna () invisiblethings org>
Date: Wed, 12 Dec 2007 19:20:25 +0100

Dave Aitel wrote:

One weird thing about the UAC stuff in Vista is it assumes there won't
be a steady stream of kernel 0days. I'm not sure why that assumption
was made. In the balance of "Really annoy user" versus "Provide
security" I think they made the wrong choice here. Once you're running
code on a box you're assumed to be Ring0 until proven otherwise.


I disagree. Even though we all know (heck, go ask Alex about it!) that
there are a lot of exploitable bugs in all those Vista (signed and
WHQL-certified) drivers, it still doesn't mean that we should not try to
work on improving the usermode security. Otherwise, we could very well
resign from all the ACLs, separate address spaces, and separate
accounts! We could very well go back to the MS-DOS era :)

True, we have the "MS-DOS" in the kernel these days (this is true not
only for Windows, but also for Linux and any other OS based on a
monolithic kernel), but at least we don't have it in usermode anymore. A
little bit of improvement, at least from the design point of view.

Maybe in the next 10 years we will also see the mainstream OSes moving
towards "somewhat-microkernel-based-OS" as well. So, at least they would
be able to use the then (hopefully) already-polished usermode security
mechanisms (+ developers and users will eventually know how to use them).

So, don't laugh at UAC, because of the kernel bugs -- you could very
well laugh at any other OS-provided security mechanism, if you took this
line of reasoning. But, it's still true there are other problems with
UAC, that should make you laugh :) The default
"admin-for-every-installer" rule, just to name the most obvious. Sorry,
MS ;) But you know guys, I actually like the idea of introducing UAC,
it's just I don't like the details.

joanna.

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

