Re: Gibson (was Crack Office XP)

[ian <cheeken () cs bu edu>]

http://support.microsoft.com/support/kb/articles/Q195/4/45.ASP

summary : you need to be an admin to do raw sockets.

i too, find it hard to believe they'd change this design decision in XP.

however. if someone is on your box and getting ready to 'sp00f sUm pAcKeTz'
needing to be an admin probably won't stop them for long.

ian.


Ric Messier wrote:

> I think claims is the key word there. Has someone verified yet that anyone
> at any privilege level can get access to raw sockets under Windows XP?
> Knowing the levels of privileges, etc that Windows NT has always had, I
> would find it hard to believe that they have just opened up access to that
> facility to anyone who wanted it.
>
> Ric
>
> -----Original Message-----
> From: David Schwartz [mailto:davids () webmaster com]
> Sent: Monday, June 11, 2001 2:13 PM
> To: Fenris () HammerofGod com; ricardo_x () hotmail com;
> vuln-dev () securityfocus com
> Subject: RE: Gibson (was Crack Office XP)
>
> > If Gibson isn't bright enough to figure out how to write a script kiddie
> > trojan to dynamically load the packet driver, I don't trust him enough to
> > be telling the world that he thinks there's a problem.  Besides, if this
> > was really a problem, we'd already see this occuring on Win32
> > systems, Unix
> > systems, Mac systems, etc - all of which support raw sockets.  Methinks
> > Gibsons diatribe was one more of wanting publicity for himself or
> > his site
>
>         In fairness to Gibson, there does not exist any Unix system I know of that
> has the flaw he claims Windows XP has. They all restrict access to raw
> sockets to trusted/privileged code.
>
>         DS