Full Disclosure mailing list archives
Re: Edonkey/Overnet Plugins Could Pose Harm
From: petard <petard () freeshell org>
Date: Wed, 17 Dec 2003 15:03:40 +0000
On Wed, Dec 17, 2003 at 12:11:38AM -0500, ashton wrote: <gross misunderstanding/ranting about plugins snipped> I don't get it. You wrote a long message about how running arbitrary code from an untrusted source on your PC is insecure. How is this different from any other common plugin architecture? You site the Windows Media SDK as an example that gets it write because it uses "COM" instead of what you refer to as "full c++ access", but you never differentiate between the two. COM objects can certainly be written in C++, and there is absolutely no sandbox to keep that code from doing malicious things. It simply must conform to a COM interface. If you believe that a malicious (for instance) Windows Media visualization plugin or a malicious photoshop plugin cannot do every nasty thing an edonkey plugin can, you are delusional. Here's a hypothetical example for Windows Media, your example of a safe SDK: STDMETHODIMP CMyVisualizer::Render(TimedLevel *pLevels, HDC hdc, RECT *prc) { //Check for our malicious process if( !isHelperRunning() ) { launchEvilHelperProcess(); } // Proceed to draw pretty pictures so that the moron who downloaded // and executed this arbitrary code while thinking it was safe since // it exported a COM interface suspects nothing doRender( pLevels, hdc, prc ); } I'll leave the implementation of isHelperRunning() and launchEvilHelperProcess() to your imagination, but suffice to say code that's running here is in no way restricted by the fact that the interface used to invoke it is defined by a particular IDL file and conforms to the COM specification. To have a reasonable shot at "safe" plugins, you'd really need some sort of sandboxing system akin to java's. Even then, as we've all seen, it's hard to get right. No common app that I can think of attempts this. In short, it doesn't matter what application starts your arbitrary code. You could write a malicious plugin for netscape, photoshop, quark, WMP, anything that takes true executable code for plugins. Most plugin systems do. Furthermore, few if any provide some sort of clearinghouse to vet plugins and declare them safe. Don't run it unless you trust it. It is, for all (good and evil) purposes nothing more then executable code that is launched and communicates in a specified way. So my question remains: How is eDonkey worse than these others? Regards, petard _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Edonkey/Overnet Plugins Could Pose Harm ashton (Dec 16)
- Re: Edonkey/Overnet Plugins Could Pose Harm petard (Dec 17)
- RE: Edonkey/Overnet Plugins Could Pose Harm ashton (Dec 17)
- <Possible follow-ups>
- RE: Edonkey/Overnet Plugins Could Pose Harm ashton (Dec 17)
- Re: Edonkey/Overnet Plugins Could Pose Harm petard (Dec 17)