Bugtraq mailing list archives

Re: Tiny Personal Firewall

From: elfs <elfs () rs gov lv>
Date: Tue, 5 Mar 2002 14:13:10 +0200

It  must  be  the  responsibility of the OS to prevent console users
interacting  with  applications  when the desktop is locked. No user
process should ever be able to bypass the lock mechanism.


If we take a look to WinAPI help for, i.e. MessageBox, we see, that it
has a flag (WindowsNT only), called MB_SERVICE_NOTIFICATION:

(..)  The  caller  is  a  service  notifying the user of an event. The
function displays a message box on the current active desktop, even if
there is no user logged on to the computer (..)

So we can write a small test program:

---[ test.c ]---
#include <windows>
void main()
{
  Sleep(3000);                      // Pause, to give you time to lock
                                    // the computer
  MessageBox(
    NULL,                           // HWND, should be NULL
    "Who cares if we are locked?",  // Messagebox text
    "Test",                         // Messagebox caption
    MB_OK | MB_SERVICE_NOTIFICATION // Flags
  );
}

and   this gives a chance for almost any appl to communicate with user
on WinNT, even if the computer is locked.


Just my 0.02 Ls -

elfs,
  Latvia

Current thread:

... Tiny Personal Firewall ... Andrew Barkley (Feb 28)
- Re: ... Tiny Personal Firewall ... Maher Odeh (Mar 01)
- Re: ... Tiny Personal Firewall ... Scott Nursten (Mar 05)
  - Re: ... Tiny Personal Firewall ... Dave Ahmad (Mar 04)
    - Re: ... Tiny Personal Firewall ... Tom Geldner (Mar 05)
    - Re: Tiny Personal Firewall elfs (Mar 05)
    - Re: ... Tiny Personal Firewall ... J.Brown (Ender/Amigo) (Mar 06)