Full Disclosure mailing list archives

Re: Re: HTML Help API - Privilege Escalation


From: KF <dotslash () snosoft com>
Date: Sat, 25 Oct 2003 06:42:32 -0400

Sebastian Niehaus wrote:

> KF <dotslash () snosoft com> writes:
>
> [...]
>
>> I would relate this
>> type of attack to a setuid program calling system("clear") while
>> running as root on a unix machine. This does not mean that system() is
>> flawed rather that when implementing this call you need to be more
>> careful and drop your privs.
>
> Well, if you have a program to be run in suid mode, every Unix admin
> should be alerted. They are used to review the source code of this
> kind of stuff.

By the same token on a win32 machine when I hit ctrl alt del ... anything that says SYSTEM on it I usually take a quick peek at. There are plenty of win32 programs that run in a privileged mode. Rewording what you said .. every Winblows admin should be alert to SYSTEM level applications (be it a service or a desktop application).

> You won't be able to do this with your average windows junk...

Well, there are no setuid applications in win32, but as I mentioned above there are apps that run with elevated priv levels. Heck look at shatter type attacks... In the win32 world that's about as close to a local attack (on unix) against a setuid binary.

-KF
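The setuid-program-calls-system("clear") scenario discussed above, as an added example that is not code from the thread or from either poster: the unsafe call is shown only in a comment, and beside it is the defensive shape KF's remark points at (drop privileges permanently, verify the drop, exec an absolute path with a fixed environment and no shell). The function names, the "/usr/bin/clear" path and the Linux id-dropping semantics are assumptions for illustration.

```c
/* Added example (not code from the thread): why system("clear") in a
 * setuid-root program is dangerous, and what to do instead.
 *
 * Unsafe pattern (do not use in a setuid program):
 *     system("clear");
 * system() runs "/bin/sh -c clear" with the caller's environment while
 * the process still holds root, so the caller's PATH (and on old shells
 * IFS) decide what "clear" resolves to.
 *
 * Hardened alternative below. Assumes Linux semantics: setuid() called
 * as root sets real, effective and saved ids, so the drop is permanent.
 * Function names and "/usr/bin/clear" are assumptions for illustration. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently give up elevated privileges. Returns 0 on success, -1 if
 * any step fails or the drop cannot be confirmed; callers must abort on -1. */
int drop_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();

    /* Supplementary groups and gid first, while we are still root. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    if (setgid(rgid) != 0)
        return -1;
    if (setuid(ruid) != 0)
        return -1;

    /* Verify the drop took effect instead of trusting the return codes. */
    if (geteuid() != ruid || getegid() != rgid)
        return -1;
    /* If we were root, regaining it must now fail (saved uid was reset). */
    if (ruid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

/* Run an external program with no shell, a clean environment, and no
 * elevated privileges. Returns the child's exit status, or -1 on error
 * (a relative path is rejected: it would be resolved through a PATH the
 * invoking user controls). Exec failure in the child yields 127. */
int run_external_safely(const char *abs_path)
{
    if (abs_path == NULL || abs_path[0] != '/')
        return -1;

    pid_t pid = fork();
    if (pid < 0)
        return -1;

    if (pid == 0) {
        /* Child: drop first, then exec. Never exec while still privileged. */
        if (drop_privileges() != 0)
            _exit(126);
        /* Fixed minimal environment: nothing inherited from the caller. */
        char *const envp[] = { "PATH=/usr/bin:/bin", "TERM=dumb", NULL };
        char *const argv[] = { (char *)abs_path, NULL };
        execve(abs_path, argv, envp);
        _exit(127); /* exec failed */
    }

    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Stand-alone demo: run clear the safe way and report the result. */
    int rc = run_external_safely("/usr/bin/clear");
    printf("clear exited with %d\n", rc);
    return rc == 0 ? 0 : 1;
}
```

The order inside drop_privileges() matters: groups and gid must be changed while the process is still root, and the post-condition checks (effective ids match the real ids, setuid(0) fails) are what make the drop trustworthy rather than the return codes alone.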



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

