Dailydave mailing list archives
Re: Bugs bugs bugs
From: Joanna Rutkowska <joanna () invisiblethings org>
Date: Wed, 12 Dec 2007 19:20:25 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dave Aitel wrote:
One weird thing about the UAC stuff in Vista is it assumes there won't be a steady stream of kernel 0days. I'm not sure why that assumption was made. In the balance of "Really annoy user" versus "Provide security" I think they made the wrong choice here. Once you're running code on a box you're assumed to be Ring0 until proven otherwise.
I disagree. Even though we all know (heck, go ask Alex about it!) that there is a lot of exploitable bugs in all those Vista (signed and WHQL-certified) drivers, it still doesn't mean that we should not try to work on improving the usermode security. Otherwise, we could very well resign from all the ACLs, separate address spaces, and separate accounts! We could very well go back to the MS-DOS era :) True, we have the "MS-DOS" in the kernel these days (this is true not only for Windows, but also for Linux and any other OS based on a monolithic kernel), but at least we don't have it in usermode anymore. A little bit of improvement, at least from the design point of view. Maybe in the next 10 years we will also see the mainstream OSes moving towards "somewhat-microkernel-based-OS" as well. So, at least they would be able to use the then (hopefully) already-polished usermode security mechanisms (+ developers and user will eventually know how to use them). So, don't laugh at UAC, because of the kernel bugs -- you could very well laugh at any other OS-provided security mechanism, if you took this line of reasoning. But, it's still true there are other problems with UAC, that should make you laugh :) The default "admin-for-every-instaler" rule, just to name the most obvious. Sorry, MS ;) But you know guys, I actually like the idea of introducing UAC, it's just I don't like the details. joanna. -----BEGIN PGP SIGNATURE----- iQEVAwUBR2AmZ8wG7MOLAMOlAQK3lwf+PpouthB1VZP2Ai8D5pFayQJmLwQ92Ses u1RZFYVewPvOq8RBxOM8B+rO43iQVb8clC7Hz7F0sHRyo+5Z8JxDsJcL5EtmvQg4 UIgrjHMtmllxtWyTZEKOq86jffKVoFz3DVZJdTrtGJL88jwg/PDYS5a00+D9utPr j1IQFagZmCOaAVeY6DGUJx3+sNHvQ0hHWpgwhG007qjcodvJCsY25gQbv6RmqWBp DkVNdITMwG/04omOHrjKNOxv84KKmSW4ESBqkGPVjiuG498apHZqns+2sa7NVfDG Rdy/CpxUfN6JsAWoPxP64RaxGHwUp6eV8nltSb/voLJkQ/b8vbsZFw== =/Yg+ -----END PGP SIGNATURE----- _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Bugs bugs bugs Dave Aitel (Dec 11)
- Re: Bugs bugs bugs Joanna Rutkowska (Dec 13)