Bugtraq mailing list archives
RE: White paper: Exploiting the Win32 API.
From: "Drew" <dcopley () eeye com>
Date: Wed, 28 Aug 2002 10:25:08 -0700
-----Original Message-----
From: Rothe, Greg (G.A.) [mailto:grothe () ford com]
Sent: Tuesday, August 27, 2002 10:00 AM
To: 'Paul Starzetz'; Andrey Kolishak; bugtraq () securityfocus com
Subject: RE: White paper: Exploiting the Win32 API.

All of this brings up a couple of questions for me:

1. As I understand it, all this can be avoided by applying the simple, longtime standard maxim of "trust no input," correct? (If correct, this leads me to murmur rhetorically "Have today's developers no discipline?")

2. If the above is incorrect,
The above is NOT correct, as several posters have already shown. Anytime a developer has an application running as system, which is a rare need, they must realize the security ramifications of what they are doing. (That, if a flaw is found in their software, they will elevate the privileges of the user).

http://www.atstake.com/research/advisories/2000/a090700-1.txt

This is a well-known need, even if this type of attack - and therefore prevention - is not well known.
and system messages such as event notifications (onClick, etc.) can be compromised, then developers using tools such as Visual Basic are essentially helpless to harden their applications. Other than going back to writing in assembly, what is the modern developer to do?
You generally will have very few types of applications on your system which need to run *as* system and can receive messages (most that I can think of are actually security apps that are designed to restrict unprivileged users -- but maybe I am biased). While you can exploit other applications not running in a higher privilege space in this manner, this gains you nothing which you cannot do by just running a binary as that user.
We have here an exclusive or: Which is it - 1 or 2 or neither?

Thanks,
-Greg
<snip>