Bugtraq mailing list archives

RE: White paper: Exploiting the Win32 API.


From: "John Howie" <JHowie () securitytoolkit com>
Date: Wed, 7 Aug 2002 09:33:16 -0700

Chris,

You misunderstand (I think). Interactive services are a *bad idea*.
There is no need to have them. If you do have them they should not run
under the context of LocalSystem. A good developer will not use them as
there are alternatives. Microsoft does not recommend using interactive
services.

The Windows API has always allowed any window or user to send a message
to any window on the same desktop. That is how Windows works. I do
advocate Microsoft tightening this up but the problem still lies with
bad developers.

Regards,

John

-----Original Message-----
From: Chris Calabrese [mailto:chris_calabrese () yahoo com] 
Sent: Wednesday, August 07, 2002 6:38 AM
To: bugtraq () securityfocus com
Cc: cloder () acm org; Chris Paget; Florian Weimer; John Howie
Subject: Re: White paper: Exploiting the Win32 API.

So let me get this straight.

Allowing unprivileged processes to send control messages to privileged
processes is not a flaw in the Win32 API because there is a mechanism
for applications to protect themselves from this type of attack
(alternate Windows Stations/Desktops).

But the mechanism effectively prevents the privileged processes from
providing a GUI because the user won't be able to actually see the
alternate Windows Stations/Desktops without some kind of Station
switching tool, and/or extra training in how to do this.

So, the result is that no applications actually use this mechanism.

What part of "this is broken" doesn't make sense?
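
An offline audit for the configuration John Howie's reply warns about (interactive services running as LocalSystem), as an added example that is not part of the original thread. It parses a registry export of the Services key; the sample export and service names are constructed, and the flag values are the standard service Type bits.

```python
import re

# Service Type bits as defined in the Windows SDK (winnt.h).
SERVICE_WIN32_OWN_PROCESS = 0x010
SERVICE_WIN32_SHARE_PROCESS = 0x020
SERVICE_INTERACTIVE_PROCESS = 0x100
SERVICES_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services" + "\\"

# Constructed sample in .reg export format; service names are hypothetical.
# A real export is usually UTF-16: open(path, encoding="utf-16").read()
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleTrayHelper]
"Type"=dword:00000110
"ObjectName"="LocalSystem"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleTrayHelper\Parameters]
"Type"=dword:00000110
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleBackend]
"Type"=dword:00000010
"ObjectName"="LocalSystem"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSharedUi]
"Type"=dword:00000120
"ObjectName"="LocalSystem"
'''

def parse_services(reg_text):
    """Map each direct service key to its values (names lower-cased, raw data)."""
    services, current = {}, None
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            name = key[len(SERVICES_KEY):] if key.upper().startswith(SERVICES_KEY.upper()) else ""
            # Subkeys such as <name>\Parameters are not service definitions.
            current = services.setdefault(name, {}) if name and "\\" not in name else None
        elif current is not None:
            m = re.match(r'"([^"]+)"=(.*)$', line)
            if m:
                current[m.group(1).lower()] = m.group(2)
    return services

def interactive_localsystem(reg_text):
    """Names of Win32 services that are interactive and run as LocalSystem."""
    flagged = []
    for name, values in parse_services(reg_text).items():
        t = re.fullmatch(r"dword:([0-9a-fA-F]{8})", values.get("type", ""))
        svc_type = int(t.group(1), 16) if t else 0
        win32 = svc_type & (SERVICE_WIN32_OWN_PROCESS | SERVICE_WIN32_SHARE_PROCESS)
        account = values.get("objectname", "").strip('"').lower()
        if win32 and svc_type & SERVICE_INTERACTIVE_PROCESS and account == "localsystem":
            flagged.append(name)
    return sorted(flagged)
```

Services it reports are candidates for removing the interactive flag or moving the user interface into a separate process in the user's own session.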


