Bugtraq mailing list archives

RE: White paper: Exploiting the Win32 API.


From: "Drew" <dcopley () eeye com>
Date: Wed, 28 Aug 2002 10:25:08 -0700



-----Original Message-----
From: Rothe, Greg (G.A.) [mailto:grothe () ford com]
Sent: Tuesday, August 27, 2002 10:00 AM
To: 'Paul Starzetz'; Andrey Kolishak; bugtraq () securityfocus com
Subject: RE: White paper: Exploiting the Win32 API.


All of this brings up a couple of questions for me: 

1.
As I understand it, all this can be avoided by applying the 
simple, longtime standard maxim of "trust no input," correct? (If 
correct, this leads me to murmur rhetorically "Have today's 
developers no discipline?")

2.
If the above is incorrect, 

The above is NOT correct, as several posters have already shown.

Any time a developer has an application running as system, which
is a rare need, they must realize the security ramifications of
what they are doing (that is, if a flaw is found in their software,
it will elevate the privileges of the user).

http://www.atstake.com/research/advisories/2000/a090700-1.txt

This is a well-known need, even if this type of attack - and therefore
its prevention - is not well known.


and system messages such as event 
notifications (onClick, etc.) can be compromised, then developers 
using tools such as Visual Basic are essentially helpless to 
harden their applications. Other than going back to writing in 
assembly, what is the modern developer to do?


You generally will have very few types of applications on
your system which need to run *as* system and can receive
messages (most that I can think of are actually security
apps that are designed to restrict unprivileged users -- but
maybe I am biased). While you can exploit other applications
not running in a higher privilege space in this manner, this
gains you nothing which you cannot do by just running a
binary as that user.



We have here an exclusive or: Which is it - 1 or 2 or neither?

Thanks,

-Greg
<snip> 
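The reply above argues that only a handful of processes on a machine should both run as system and own a window that can receive messages. The PowerShell below is an added example, not code from this thread or from eEye, that inventories exactly that combination on a Windows host so an administrator can check the claim and review each hit. The function name `Get-PrivilegedWindowedProcess` and the list of accounts treated as privileged are assumptions made for this example; it uses only the standard `Get-Process`, `Get-CimInstance` and `Invoke-CimMethod` cmdlets and the `Win32_Process` class with its `GetOwner` method, and should be run from an elevated session so that process owners can be read.

```powershell
# Added example (not from the thread): list processes that run under a
# privileged account AND own a top-level window on this desktop.
# Assumes a Windows host with the CimCmdlets module (Windows 8 / Server 2012+).
function Get-PrivilegedWindowedProcess {
    [CmdletBinding()]
    param(
        # Accounts treated as "privileged". SYSTEM is the case the thread
        # discusses; the other two are included as a constructed default.
        [string[]]$PrivilegedUsers = @('SYSTEM', 'LOCAL SERVICE', 'NETWORK SERVICE')
    )

    # MainWindowHandle is non-zero only for processes that own a visible
    # top-level window, i.e. processes that can receive window messages.
    $windowed = Get-Process | Where-Object { $_.MainWindowHandle -ne 0 }

    foreach ($proc in $windowed) {
        $cim = Get-CimInstance -ClassName Win32_Process -Filter "ProcessId = $($proc.Id)"
        if (-not $cim) { continue }   # process exited between the two queries

        # Win32_Process.GetOwner returns ReturnValue 0 on success and fills
        # Domain/User; it fails for processes this session cannot open.
        $owner = Invoke-CimMethod -InputObject $cim -MethodName GetOwner
        if ($owner.ReturnValue -ne 0) { continue }

        if ($PrivilegedUsers -contains $owner.User) {
            [pscustomobject]@{
                Pid         = $proc.Id
                Name        = $proc.ProcessName
                User        = "$($owner.Domain)\$($owner.User)"
                WindowTitle = $proc.MainWindowTitle
            }
        }
    }
}

# Usage: every row is a privileged process with a window on the interactive
# desktop, and therefore a candidate for the review the reply calls for.
Get-PrivilegedWindowedProcess | Format-Table -AutoSize
```

The output is a review list, not a verdict: a row means a privileged process exposes a window procedure to whatever else runs on the same desktop, so each one deserves the question the reply raises of whether it really needs to run as system at all, or whether its interactive part can be split off into a process running as the logged-on user.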

