funsec mailing list archives
Re: Ilfak's WMF patch
From: Matthew Murphy <mattmurphy () kc rr com>
Date: Sun, 01 Jan 2006 18:50:30 -0600
<-- static int hat.tinfoil++; >
LOL. I'll take that as an advisory note. :-)
You're assuming it wasn't spotted. More likely, it was spotted and well-known by people inside Microsoft, and existed specifically so that some Microsoft product didn't have to go through the effort of implementing their own callbacks in a security-sane way. I'll make the prediction that the Microsoft fix will include something of the form: if (current->program != "M$-Hosed") then close_hole();
Indeed, that appears to have been the original purpose when WMF was invented years (more than a decade, probably closer to two decades now?) ago for Windows 3.0. Microsoft's level of clue about security then was (obviously) quite a bit less then than now.

WMF is a 16-bit direct access layer to the GDI. It was essentially designed so that most of what could be done with GDI objects in C could be done in some way via WMF. WMF has been tightened down in quite a few respects since then (primarily due to uncovered vulnerabilities), and EMF (aka "Enhanced Metafile", WMF's 32-bit counterpart) is quite a bit tighter. WMF has been yanked from 64-bit Windows entirely (Windows XP x64 Edition, Windows Server 2003 for Itanium and Windows Server 2003 x64 Edition don't support it) and I've heard talk of the format getting the deep six even for 32-bit releases of Windows Vista.

Most have realized the obsolescence of WMF, and most Windows apps these days have at least moved to the newer (more secure) EMF. In any case, most compatibility problems with the axeing of WMF can be solved by simply migrating existing images to a supported format (EMF being the prime candidate, of course). There are exceptions, but not too many of them. Visual Studio, for instance, appears to still distribute attached clipart as both WMFs and EMFs for compatibility with 16-bit boxes still in production. I've recently been told that 16-bit OSes are still in places besides caves.

--
"Social Darwinism: Try to make something idiot-proof, nature will provide you with a better idiot." -- Michael Holstein
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.