Secure Coding mailing list archives

Dark Reading - Application and Perimeter Security - Hacking the Vista Kernel - Security News Analysis


From: petesh at indigo.ie (Pete Shanahan)
Date: Tue, 25 Jul 2006 20:31:02 +0100

Hang on a minute,
I thought you had to have administrator access before you were permitted raw
access to the hard drive.

The CreateFile documentation tells us that opening a physical disk / volume
requires that the caller must have administrative privileges.

I'm just wondering how flawed the implementation of the windows paging model is
that it would allow for this kind of breach. The standard model I'm familiar
with would simply flush the page from memory, and would not keep a copy in the
external page-file, instead relying on the copy that already exists on the disk.

Obviously I need to read more on this.

Kenneth Van Wyk wrote:
Here's an interesting article from Dark Reading regarding a software
attack on the existing Vista beta:

http://www.darkreading.com/document.asp?doc_id=99780&f_src=darkreading_section_296

I noticed, in particular, that the attack is against a design weakness
of Vista -- "The attack doesn't use your typical buffer overflow or
other bug, but basically exploits a Vista (and Windows) design problem
-- that user-mode applications are allowed to access raw disk sectors,
Rutkowska says."

The attack, which is being described in detail at Blackhat, looks for
"interesting" OS code to be paged out and then carefully modifies the
contents of the page file in order to dupe Vista into loading the
corrupt page data.


-- 
Pete    +353 (87) 412 9576 [M]
Where there's a will, there's an Inheritance Tax.
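The following is an added illustration, not code from this thread or from the Black Hat talk the article refers to: a toy pager in Python that models the scenario the article describes (a kernel page evicted to the pagefile, rewritten by someone with raw disk access, then paged back in unchecked), beside a variant that records a keyed hash of each page at page-out and verifies it at page-in. The page contents, the virtual address, the HMAC scheme and the in-memory key are all constructed for the example; the Windows memory manager itself is not modeled.

```python
import hashlib
import hmac
import os


class Pagefile:
    """Backing store for evicted pages. tamper() models someone who can write raw
    disk sectors and so can rewrite a slot without going through the pager."""

    def __init__(self):
        self.slots = {}

    def write(self, slot, data):
        self.slots[slot] = bytes(data)

    def read(self, slot):
        return self.slots[slot]

    def tamper(self, slot, data):
        # Constructed attacker action: direct sector write, pager not involved.
        self.slots[slot] = bytes(data)


class Pager:
    """Toy pager. With key=None, page_in trusts whatever the pagefile holds
    (the design issue the article describes). With a key, page_out stores an
    HMAC of the page and page_in refuses to map a page whose HMAC no longer matches."""

    def __init__(self, pagefile, key=None):
        self.pf = pagefile
        self.key = key            # assumption: kept in memory that is never paged out
        self.resident = {}        # vaddr -> page bytes currently in RAM
        self.evicted = {}         # vaddr -> (pagefile slot, HMAC tag or None)
        self.next_slot = 0

    def map_page(self, vaddr, data):
        self.resident[vaddr] = bytes(data)

    def page_out(self, vaddr):
        data = self.resident.pop(vaddr)
        slot = self.next_slot
        self.next_slot += 1
        self.pf.write(slot, data)
        tag = hmac.new(self.key, data, hashlib.sha256).digest() if self.key else None
        self.evicted[vaddr] = (slot, tag)
        return slot

    def page_in(self, vaddr):
        slot, tag = self.evicted.pop(vaddr)
        data = self.pf.read(slot)
        if tag is not None:
            expected = hmac.new(self.key, data, hashlib.sha256).digest()
            if not hmac.compare_digest(expected, tag):
                raise ValueError("pagefile integrity check failed for page 0x%x" % vaddr)
        self.resident[vaddr] = data
        return data


# Constructed stand-ins: a 16-byte "kernel code page" and the attacker's replacement.
ORIGINAL = b"\x48\x31\xc0\xc3" + b"\x90" * 12
PATCHED = b"\xb8\x01\x00\x00\x00\xc3" + b"\x90" * 10
KERNEL_VADDR = 0x80400000   # constructed address, not a real Vista layout


def run_scenario(protect):
    """Evict a kernel page, rewrite its pagefile slot, page it back in.
    Returns ("loaded", bytes) if the pager accepted the page, ("rejected", None) otherwise."""
    pf = Pagefile()
    pager = Pager(pf, key=os.urandom(32) if protect else None)
    pager.map_page(KERNEL_VADDR, ORIGINAL)
    slot = pager.page_out(KERNEL_VADDR)
    pf.tamper(slot, PATCHED)
    try:
        return ("loaded", pager.page_in(KERNEL_VADDR))
    except ValueError:
        return ("rejected", None)


if __name__ == "__main__":
    for protect in (False, True):
        status, data = run_scenario(protect)
        print("integrity check %s: %s %s" % ("on" if protect else "off",
                                             status, data.hex() if data else ""))
```

Without the check the pager maps the attacker's bytes as kernel code; with it the tampered page is rejected. The check only helps if the key and the stored tags live in memory that is itself never written to the pagefile, and it costs one hash per page-in; the example shows the mechanism, not what Vista actually does.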


