Re: Windows Access Control Demystified

[Cesar <sqlsec () yahoo com>]

That's a good paper and it seems they have built a
very good tool. But all that is not news for many
people that have been auditing Windows and Windows
apps for years, anyways it's really good that someone
has written something about the topic. They forgot to
mention some other big issues on Windows and Windows
apps like ACL problems on Mutexes, Events, Semaphores,
Ports, Sections, etc. eg: it's very funny how simple
it's to DoS some services just holding a Mutex or
signaling an Event or just removing all permissions
from them, of course being a low privileged user.


Cesar.

--- "Steven M. Christey" <coley () mitre org> wrote:

> Not sure if anyone's really looked at this yet, but
> the "Windows
> Access Control Demystified" paper talks about a tool
> that was created
> to find complex privileges/ACL problems in Windows. 
> I've always
> suspected that the fine-grained nature of Windows'
> security mechanisms
> would result in difficult-to-find, easy-to-make
> vulnerabilities, and
> this paper helps to demonstrate the concept.
http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf
> What do others think?
>
> - Steve


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com