Re: Microsoft Security Bulletin (MS99-051) (fwd)

[dleblanc () MINDSPRING COM (David LeBlanc)]

At 08:17 PM 12/1/99 -0800, Kris Kennaway wrote:
> On Tue, 30 Nov 1999, David LeBlanc wrote:
>
> > > Regardless of that, how does the patch stop malicious users from
> > > producing AT jobs that have valid signatures and putting them in place?

> > The signature is based on a unique certificate that is stored in the
> > private data, and only admins can access the certificate.  So your
> > requirement to use this method (post-fix) to become admin is to be admin.

> Replay attack? I read the patch description as saying that it stores a
> signature in the file containing the AT job, which is verified at
> execution time. If you can read the job file as another user, you may be
> able to resubmit the same job multiple times, if the signature doesn't
> include data which is instance-specific (e.g. the job ID).

Here's what I was told:

"The ACL on an At job file denies read access to non-admins.
This prevents non-admins from copying a signed At job into
another admin-owned file."

BTW, job ID wouldn't be sufficient - those numbers do get reused.

If anyone else sees a problem with the current way it works, send mail to
secure () microsoft com and/or to me - I'll do my best to follow up.

Thanks for pointing this out - though it seems painfully obvious now, I
hadn't thought of it on my own.

David LeBlanc
dleblanc () mindspring com