Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: DLL hijacking with Autorun on a USB drive

From: Dan Kaminsky <dan () doxpara com>
Date: Tue, 31 Aug 2010 16:18:47 -0700




On Aug 31, 2010, at 4:11 PM, paul.szabo () sydney edu au wrote:


Valdis.Kletnieks () vt edu wrote:


... The victim is attempting to view a plain text file. Surely
that can be done safely?


Only if your OS's security model understands the fact that executable
code and data belong in different security domains and thus different
rules should apply about what files to "trust" in each category.


Hmm... an OS that cannot "view" plain-text in a safe manner...
Shame on those who would call that an OS.

Yes, even the Windows security model understands those things.


Notepad.exe can launch from iexplore.exe in some contexts; this open  
is safe (and when it isn't, it's Critical).

Notepad.exe can launch from Explorer.exe in some contexts, this open  
is not safe.

iexplore.exe has a security model. Explorer.exe doesn't (outside of  
standard user). That's the reality, shared by all the desktops.





Cheers, Paul

Paul Szabo   psz () maths usyd edu au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney     
Australia

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: