Secure Coding mailing list archives
Dark Reading - Application and Perimeter Security - Hacking the Vista Kernel - Security News Analysis
From: petesh at indigo.ie (Pete Shanahan)
Date: Tue, 25 Jul 2006 20:31:02 +0100
Hang on a minute, I thought you had to have administrator access before you were permitted raw access to the hard drive. The createfile documentation tells us that opening a physical disk / Volume requires that the caller must have administrative privileges. I'm just wondering how flawed the implementation of the windows paging model is that it would allow for this kind of breach. The standard model I'm familiar with would simply flush the page from memory, and would not keep a copy in the external page-file, instead relying on the copy that already exists on the disk. Obviously I need to read more on this. Kenneth Van Wyk wrote:
Here's an interesting article from Dark Reading regarding a software attack on the existing Vista beta: http://www.darkreading.com/document.asp?doc_id=99780&f_src=darkreading_section_296 <http://www.darkreading.com/document.asp?doc_id=99780&f_src=darkreading_section_296> I noticed, in particular, that the attack is against a design weakness of Vista -- "The attack doesn't use your typical buffer overflow or other bug, but basically exploits a Vista (and Windows) design problem -- that user-mode applications are allowed to access raw disk sectors, Rutkowska says." The attack, which is being described in detail at Blackhat, looks for "interesting" OS code to be paged out and then carefully modifies the contents of the page file in order to dupe Vista into loading the corrupt page data.
-- Pete +353 (87) 412 9576 [M] Where there's a will, there's an Inheritance Tax.
Current thread:
- Dark Reading - Application and Perimeter Security - Hacking the Vista Kernel - Security News Analysis Kenneth Van Wyk (Jul 25)
- Dark Reading - Application and Perimeter Security - Hacking the Vista Kernel - Security News Analysis Pete Shanahan (Jul 25)
- Dark Reading - CERT Seeks Secure Coding Input Robert C. Seacord (Jul 25)
- Dark Reading - Application and Perimeter Security - Hacking the Vista Kernel - Security News Analysis Pete Shanahan (Jul 25)