Microsoft does it again
David Kramer
david at thekramers.net
Tue Aug 6 15:50:12 EDT 2002
On Tue, 6 Aug 2002, Bill Bogstad wrote:
> So a command line overflow exploit in a setuid-root ps binary on a
> UNIX machine is unimportant because you shouldn't ever let 'bad
> people' have a login on your machine? I thought security was about
> being able to limit the resources that a user could access on a
> machine even when they had some level of legal access. You seem to be
> advocating a security model of 'good' and 'bad' users where 'good
> users' can do anything and 'bad users' can do nothing. Maybe you
> missed the part where this worked via terminal services as well. You
> don't need physical access, apparently you only need the equivalent of
> a UNIX login. I believe that any operating system vendor who claims
> that something isn't a security issue because you have to have some
> level of valid access to exploit it should be condemned. PERIOD.
OK, I should have been more explicit. When you have a bad person sitting
in front of your WINDOWS computer, is what I meant.
And this was, at heart, not a buffer overflow exploit. The security
hole is any program being able to talk to any other window as if it were
the operating system. The buffer overflow was just one way he
showed to invoke the exploit, the main one not even needing the complexity
of a buffer overflow, just put a binary in memory somehow and pass
WM_TIMER to execute it. No buffer overflow needed.
-------------------------------------------------------------------
DDDD David Kramer http://thekramers.net
DK KD
DKK D Imagine an alternate history where William S. Burroughs was
DK KD actually interested in mainframe hardware design.
DDDD Bob Bruhin