Bugtraq mailing list archives
Re: Bypassing Personal Firewalls
From: Shaun Clowes <shaun () securereality com au>
Date: Tue, 25 Feb 2003 08:24:28 +1100
Hi Johan,

On Sun, Feb 23, 2003 at 09:13:42PM +0100, Johan Verrept wrote:
> Shaun Clowes wrote:
> > Why do you believe that the responsibility of protecting users from
> > themselves should be borne by the operating system? People who are
> > using Personal Firewall systems may indeed want to be protected in
> > this fashion but I suspect that for most people this is a non-issue.
>
> Actually, this has little to do with protecting a user from himself,
> this has to do with protecting one process from another. How do you
> trust any process you have running if malicious code could have
> embedded itself and you have no way of detecting this?

The answer is that you don't. I am getting the feeling that I'm out in the cold here but if you have malicious code running on your machine there are a myriad of ways it can (and usually will) subvert your actions. Processes are not entities unto themselves, particularly in Windows where so many different components interact (most obviously the GUI with almost anything else).

> > When all is said and done, if malicious code can run under your user
> > ID then everything you do is compromised, I can't see much point in
> > giving ourselves a false sense of security.
>
> Perhaps not. But do you see a good reason to allow any process this
> much power over another unrelated process?

Yes, I do. Debuggers can make good use of this functionality, as can tracers. In fact, this functionality is probably used by 100s if not 1000s of programs out there for all sorts of things (particularly given that DLL injection was first publicly described in WSJ in 1994). As someone pointed out to me in a private email, this functionality is also used by the system while terminating programs.

> If this kind of power is needed by one process over another, it should
> be implemented implicitly in both processes or the process should run
> under superuser UID.

Running on the principle of least privilege, I'd rather see less superuser processing. The way I see it is that personal firewalls already go to great lengths to pervert the behaviour of the system; I think any functionality of the sort we're discussing here should be implemented by the firewalls and not the OS. To make that point clearer, a firewall system is usually implemented as a kernel driver; it can intercept any system calls it likes globally and enforce whatever permissions it deems appropriate on the call.

Cheers,
Shaun