Bugtraq mailing list archives
Re: White paper: Exploiting the Win32 API.
From: Chad Loder <cloder () acm org>
Date: Tue, 6 Aug 2002 12:36:26 -0700
Chris, I read your paper with interest. However, I must disagree with you in some respects.

The Win32 API provides a concept called "Window Stations" which offer the fine grained access control you're looking for. By default, interactive applications run in the default Windows Station, "WinSta0", but you can create separate Windows Stations with appropriate DACLs. By default, only Administrators can enumerate non-default Windows stations, and only Administrators and the owner of a Windows Station can access (send messages to) the windows within the desktop of that Windows station.

I see the exploits you posted not as a defect in the API, but rather as lack of care by the authors of certain interactive services, which run under different credentials in an accessible Windows Station.

Everyone knows that interactive services are deprecated. They are security risks, for the reasons you lay out in your paper. Read chapter 5 of "Programming Windows Security" by Keith Brown.

Microsoft's response is therefore largely correct -- just because a feature is there doesn't mean you have to use it.

Yours,
Chad Loder
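The mechanism the message describes, a separate window station created with its own DACL, as an added example that is not part of the original post or of any code from the thread. The function names, the choice of trustees (Administrators, LocalSystem and one service account) and the SID passed in are assumptions made for illustration; the Win32 part compiles only on Windows.

```c
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <sddl.h>   /* link with advapi32 and user32 */
#endif

#define WINSTA_FULL "0xF037F"  /* WINSTA_ALL_ACCESS | STANDARD_RIGHTS_REQUIRED */

/* Accept only a numeric SID string, so no extra ACE text can be injected. */
static int is_sid_string(const char *s)
{
    if (strncmp(s, "S-1-", 4) != 0 || s[4] == '\0') return 0;
    for (s += 4; *s; s++)
        if (!((*s >= '0' && *s <= '9') || *s == '-')) return 0;
    return 1;
}

/* Protected DACL ("D:P"): full access for Builtin Administrators (BA),
   LocalSystem (SY) and the service account only. 0 = ok, -1 = rejected. */
int winsta_sddl(char *out, size_t cap, const char *service_sid)
{
    int n;
    if (!is_sid_string(service_sid)) return -1;
    n = snprintf(out, cap, "D:P(A;;%s;;;BA)(A;;%s;;;SY)(A;;%s;;;%s)",
                 WINSTA_FULL, WINSTA_FULL, WINSTA_FULL, service_sid);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

#ifdef _WIN32
/* Create the station with that DACL and attach this process to it; a desktop
   (CreateDesktop, SetThreadDesktop) is still needed before creating windows. */
HWINSTA create_private_winsta(const char *name, const char *service_sid)
{
    char sddl[256];
    SECURITY_ATTRIBUTES sa = { sizeof sa, NULL, FALSE };
    HWINSTA ws;
    if (winsta_sddl(sddl, sizeof sddl, service_sid) != 0) return NULL;
    if (!ConvertStringSecurityDescriptorToSecurityDescriptorA(
            sddl, SDDL_REVISION_1, &sa.lpSecurityDescriptor, NULL)) return NULL;
    ws = CreateWindowStationA(name, 0, WINSTA_ALL_ACCESS, &sa);
    LocalFree(sa.lpSecurityDescriptor);
    if (ws && !SetProcessWindowStation(ws)) { CloseWindowStation(ws); ws = NULL; }
    return ws;
}
#endif
```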