Full Disclosure mailing list archives
RE: IE is just as safe as FireFox
From: "Phillip R. Paradis" <prp17 () adelphia net>
Date: Thu, 25 Nov 2004 05:41:37 -0500
Wouldn't such a tool be of limited utility, given that theunpriviligedapplication's windows are on the same desktop as, and cantherefore sendmessages to, windows belonging to priviliged applications?Correct. Damn no ways out, this is flawed. Is that new ? No.
IIRC, this was discussed long ago on NTBUGTRAQ when Win2k was released, and people thought about using RunAs to run applications with an unpriviliged user while logged in as an administrator, with the same conclusion. Arguably, the same vulnerability exists when using RunAs to execute a process with admin rights while logged in as an unpriviliged user, but it would be harder to predict when the system is vulnerable. When logged in as admin, there is always a window attached to a priviliged process somewhere; namely, the desktop, taskbar, etc, whereas when logged in as a peon and using RunAs for admin rights when needed, this is not the case; priviliged applications are running only part of the time and there is no common target; methods for attacking a control panel applet in this manner will likely differ from methods used to attack, say, MMC, while things are easier if you know there will always be a taskbar or desktop to attack. Also, when using RunAs to elevate privilige when needed, rather than to drop privilige, the danger can be mitigated by closing the priviliged process prior to doing something dangerous like browsing the web or reading mail. On the other hand, one could always inject some form of malware into the unpriviliged user's session which waits for the user to make use of RunAs, then captures the password as it's typed or attacks the subsequently started process. I guess the fun never ends... -- Phil _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: IE is just as safe as FireFox, (continued)
- RE: IE is just as safe as FireFox joe (Nov 17)
- RE: IE is just as safe as FireFox Todd Towles (Nov 16)
- RE: IE is just as safe as FireFox Stuart Fox (DSL AK) (Nov 16)
- RE: IE is just as safe as FireFox Todd Towles (Nov 18)
- IE is just as safe as FireFox houser (Nov 24)
- Re: IE is just as safe as FireFox devis (Nov 24)
- RE: IE is just as safe as FireFox joe (Nov 24)
- Re: IE is just as safe as FireFox devis (Nov 24)
- RE: IE is just as safe as FireFox Phillip R. Paradis (Nov 25)
- Re: IE is just as safe as FireFox devis (Nov 25)
- RE: IE is just as safe as FireFox Phillip R. Paradis (Nov 25)
- Re: IE is just as safe as FireFox devis (Nov 24)
- Re: IE is just as safe as FireFox Gregh (Nov 25)
- RE: IE is just as safe as FireFox Phillip R. Paradis (Nov 25)
- Re: IE is just as safe as FireFox Eric Paynter (Nov 25)