Full Disclosure mailing list archives
Re: DLL hijacking with Autorun on a USB drive
From: Dan Kaminsky <dan () doxpara com>
Date: Mon, 30 Aug 2010 17:52:27 -0400
On Mon, Aug 30, 2010 at 11:45 AM, Pavel Kankovsky < peak () argo troja mff cuni cz> wrote:
On Thu, 26 Aug 2010, Dan Kaminsky wrote:The question is whether they're supposed to execute code in this particular context.I think the question ought to be: what authority and privileges shall be granted to the code when it is executed?
Yeah, and the thing about all of the desktop shells (Explorer, Finder, etc) is that they're all just as happy to open a Word Document with winword.exe, as they are to open winword.exe (or something else with that name) itself. In other words, the security model is that authority and privileges are the expansive set that is full code execution as that user.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- DLL hijacking with Autorun on a USB drive matt (Aug 26)
- Re: DLL hijacking with Autorun on a USB drive Dan Kaminsky (Aug 26)
- Re: DLL hijacking with Autorun on a USB drive Pavel Kankovsky (Aug 30)
- Re: DLL hijacking with Autorun on a USB drive Dan Kaminsky (Aug 30)
- Re: DLL hijacking with Autorun on a USB drive Pavel Kankovsky (Aug 30)
- Re: DLL hijacking with Autorun on a USB drive Atul Agarwal (Aug 26)
- Re: DLL hijacking with Autorun on a USB drive Valdis . Kletnieks (Aug 26)
- Re: DLL hijacking with Autorun on a USB drive Larry Seltzer (Aug 26)
- Re: DLL hijacking with Autorun on a USB drive Dan Kaminsky (Aug 26)
- Re: DLL hijacking with Autorun on a USB drive paul . szabo (Aug 26)
- Re: DLL hijacking with Autorun on a USB drive Dan Kaminsky (Aug 26)
- Re: DLL hijacking with Autorun on a USB drive paul . szabo (Aug 26)
- Re: DLL hijacking with Autorun on a USB drive Dan Kaminsky (Aug 26)
- Re: DLL hijacking with Autorun on a USB drive Valdis . Kletnieks (Aug 26)
- Re: DLL hijacking with Autorun on a USB drive Dan Kaminsky (Aug 26)
- Re: DLL hijacking with Autorun on a USB drive Valdis . Kletnieks (Aug 26)
- Re: DLL hijacking with Autorun on a USB drive Dan Kaminsky (Aug 26)