Firewall Wizards mailing list archives
RE: Proxy 2.0 secure?
From: "Stout, Bill" <StoutB () pios com>
Date: Thu, 25 Jun 1998 14:34:03 -0400
----- Original Message -----
From: Aleph One

> On Thu, 18 Jun 1998, Stout, Bill wrote:
>
> > Recently mnemonix discovered that various applications can be renamed to
> > \winnt\system32\logon.scr (the logon screen saver) which run either with
> > file owner privs or 'system' privs. Applications such as usermanager
> > can be used to add a user to local admin groups and then domain admin
> > groups. That's an example of so simple a thing that should've been
> > discovered long ago. (Research on the behaviour still being conducted).
>
> And if you followed the discussion you know that he must have been an
> admin because no one could reproduce his results as a regular user.

That's why the caveat. Being able to rename an exe as a passive file and have it run when you call it has long been a problem with NT, since it's an easy trojan. A simple user can edit the registry with the default privileges of the Debug key location, and replace Dr. Watson with Usermanager so that on error usrmgr.exe runs with SYSTEM privilege, or he could just rename usrmgr.exe to drwatson.exe. A simple user can then add themselves to local and domain administrator groups. That was noticed and verified by Dominique and Mnemonix, which started the whole registry permissions thread.

This is mentioned to answer the opinion that 'bugs existed, but they were all fixed'. That's the same as saying 'once a service pack or hotfix is issued, there will never be another'. Another analogy: 'My house was never broken into, therefore it's secure'.
> Actually, as far as I know PPTP will be in NT5.0. They will probably try
> to deploy L2FP but they must keep backwards compatibility.

L2TP will be added to 5.0, but you're right on both counts. All Microsoft products take great pains to be backwards compatible, which is why we'll have even WFW Lanman security to deal with for a while. If you have a product that continues to gather features as it rolls into the future (like a big ball of sticky tape), you'll end up with 27 million lines of inter-dependent (possibly unpredictable) code in the O.S. as a base for your Firewall. ;^)

'Embedded NT' may be a better NT option as a Firewall base O.S., though I'm fascinated by the Cabletron Yago box architecture (layer 3 switch); router executables are hardcoded into ASICs, and reference route tables (rules) in RAM updated by a control module. Hmm, proxy ASICs...

Bill Stout
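The two weaknesses the post describes (a writable Dr. Watson "Debug key" and a replaceable logon.scr) are both ACL problems, so the practical check is to audit who can write those locations. The following PowerShell audit script is an added example, not code from the original post or from any of the people in the thread. It assumes the Debug key is HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug (the key whose Debugger value names the post-mortem debugger) and that logon.scr lives under %SystemRoot%\system32; the list of trusted principals is the author's assumption and should be adjusted to the host's policy.

```powershell
# Added audit example (not from the original post). Reports any non-trusted
# principal that holds write-class rights on the locations discussed above.
# Read-only: it inspects ACLs and the current Debugger value, changes nothing.

# Assumed paths: the AeDebug key (the "Debug key" naming Dr. Watson) and the
# logon screen saver binary.
$aeDebugKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug'
$logonScr   = Join-Path $env:SystemRoot 'system32\logon.scr'

# Principals expected to be able to write these locations (assumption; edit
# to match local policy).
$trusted = @(
    'NT AUTHORITY\SYSTEM',
    'BUILTIN\Administrators',
    'NT SERVICE\TrustedInstaller'
)

# Any of these rights lets a caller swap in a trojaned binary or redirect the
# debugger. The pattern is deliberately broad ("Write" also matches
# WriteAttributes), so review hits by hand rather than treating them as proof.
$writePattern = 'FullControl|Modify|Write|SetValue|CreateSubKey|Delete|ChangePermissions|TakeOwnership'

function Get-WeakAce {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Not present: $Path"
        return
    }
    $acl = Get-Acl -LiteralPath $Path

    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $who = $ace.IdentityReference.Value
        if ($trusted -contains $who) { continue }

        # Registry ACEs carry RegistryRights, file ACEs FileSystemRights; both
        # stringify to a comma-separated list we can pattern-match.
        $rights = if ($ace.PSObject.Properties['RegistryRights']) {
            $ace.RegistryRights.ToString()
        } else {
            $ace.FileSystemRights.ToString()
        }

        if ($rights -match $writePattern) {
            [pscustomobject]@{
                Path      = $Path
                Owner     = $acl.Owner      # "file owner privs" in the post
                Principal = $who
                Rights    = $rights
            }
        }
    }
}

# Show what the Debug key currently launches, so a redirected debugger is
# visible even when the ACL looks sane.
$dbg = Get-ItemProperty -Path $aeDebugKey -Name Debugger -ErrorAction SilentlyContinue
if ($dbg) { Write-Host "AeDebug Debugger = $($dbg.Debugger)" }

$findings = @(Get-WeakAce -Path $aeDebugKey) + @(Get-WeakAce -Path $logonScr)
if ($findings.Count -eq 0) {
    Write-Host 'No non-trusted principal has write-class rights on the audited locations.'
} else {
    $findings | Format-Table -AutoSize
}
```

Run it elevated on the host under review. A hit for Everyone, Users, or Authenticated Users on either path is the condition the thread is arguing about: a plain user could then point the debugger at usrmgr.exe, or overwrite logon.scr, and have it run with SYSTEM or owner privileges at the next crash or logon.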