Vulnerability Development mailing list archives

Re: Why MS namedpipe work this way


From: "Ryan Permeh" <ryan () eEye com>
Date: Tue, 11 Dec 2001 09:54:53 -0800

Actually, this is only partly true. You can compare SE priv levels granted
to the tokens. At the very least, you can drop all (or almost all) privs from
the token before impersonation. I believe there is an option in some of the
Impersonate* win32 api code to handle automatic dropping of privileges, but
it's been a while since I played with them.

Also, Administrator and LOCAL_SYSTEM (and a few hardcoded groups) should
always have the same SID, since they are integral to the operation of the
system. They may not have the same name, or password, but by doing SID
comparisons against known accounts or groups, you could imply a hierarchy,
at least logically.
Signed,
Ryan Permeh
eEye Digital Security Team
http://www.eEye.com/Retina -Network Security Scanner
http://www.eEye.com/Iris -Network Traffic Analyzer
http://www.eEye.com/SecureIIS -Stop Known and Unknown IIS Vulnerabilities

----- Original Message -----
From: "3APA3A" <3APA3A () SECURITY NNOV RU>
To: "Minchu Mo" <morris_minchu () iwon com>
Cc: <vuln-dev () securityfocus com>
Sent: Monday, December 10, 2001 10:51 PM
Subject: Re: Why MS namedpipe work this way


Hello Minchu,


--Monday, December 10, 2001, 2:56:05 PM, you wrote to
vuln-dev () securityfocus com:




MM> Would it be better to have this function
MM> ImpersonateNamedPipeClient() work only in the case
MM> when the namedpipe server has higher privilege than
MM> the client?

Under *nix there is a superuser with uid 0 and ordinary users. Under
Windows there is nothing like that. There is a set of permissions and
group memberships each user can be given. It's impossible to compare 2
abstract users as to who has "higher" privileges.



--
~/ZARAZA
The machine turned out to be capable of only a single action,
namely multiplying 2x2, and even then it got it wrong. (Lem)




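To illustrate Ryan's SID-comparison point from the server's side, here is an added PowerShell example (not code from anyone in the thread): the server classifies the pipe client by well-known SIDs inside the impersonation window rather than by account name, and the client connects at Identification level so the server can learn who it is without being able to act under its token. It assumes the .NET System.IO.Pipes wrappers, a pipe name 'vuln-dev-demo' and a client started as a background job under the same user.

```powershell
# Added example, not code from the thread. Assumed pipe name: 'vuln-dev-demo'.
Add-Type -AssemblyName System.Core   # System.IO.Pipes lives here on .NET Framework

function Get-ClientTrustClass {
    param([System.Security.Principal.WindowsIdentity]$Identity)
    # Compare against well-known SIDs, not names: SIDs for LOCAL_SYSTEM and
    # BUILTIN\Administrators are fixed even when the accounts are renamed.
    $sidType = [System.Security.Principal.WellKnownSidType]
    $system = New-Object System.Security.Principal.SecurityIdentifier($sidType::LocalSystemSid, $null)
    $admins = New-Object System.Security.Principal.SecurityIdentifier($sidType::BuiltinAdministratorsSid, $null)
    if ($Identity.User -eq $system) { return 'LocalSystem' }
    # IsInRole honours deny-only (UAC-filtered) group entries; a raw Groups scan would not.
    $principal = New-Object System.Security.Principal.WindowsPrincipal($Identity)
    if ($principal.IsInRole($admins)) { return 'Administrators' }
    return 'Standard'
}

$pipeName = 'vuln-dev-demo'
$server = New-Object System.IO.Pipes.NamedPipeServerStream($pipeName, [System.IO.Pipes.PipeDirection]::InOut)

# Client in a background job (a separate process) so the server can block below.
$clientJob = Start-Job -ArgumentList $pipeName -ScriptBlock {
    param($name)
    # Identification level: the server may query the client's identity but
    # cannot open objects or run code as the client.
    $client = New-Object System.IO.Pipes.NamedPipeClientStream('.', $name,
        [System.IO.Pipes.PipeDirection]::InOut, [System.IO.Pipes.PipeOptions]::None,
        [System.Security.Principal.TokenImpersonationLevel]::Identification)
    $client.Connect(10000)
    $client.WriteByte(1)      # one byte so the server has something to read
    Start-Sleep -Seconds 2
    $client.Dispose()
}

$server.WaitForConnection()
$null = $server.ReadByte()
$script:report = $null
# RunAsClient impersonates the client only inside the delegate, then reverts.
$server.RunAsClient({
    $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $script:report = 'client={0} level={1} class={2}' -f $id.Name, $id.ImpersonationLevel, (Get-ClientTrustClass $id)
})
$server.Dispose()
Receive-Job $clientJob -Wait -AutoRemoveJob | Out-Null
$script:report
```

Run it as a script on Windows; because the job runs under the same user, the report shows your own trust class, and the level field reads Identification.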