funsec mailing list archives

Re: Ilfak's WMF patch


From: Valdis.Kletnieks () vt edu
Date: Sun, 01 Jan 2006 19:25:17 -0500

On Sun, 01 Jan 2006 16:44:53 CST, Matthew Murphy said:

> The question we should all be asking is why a hole this obvious wasn't
> spotted.  A graphics renderer that includes *BY-DESIGN* functionality to
> allow a graphics file to redirect execution control should've set off a
> few thousand red flags inside Microsoft.  SWI auditing probably
> should've spotted this one.

<-- static int hat.tinfoil++; >

You're assuming it wasn't spotted.  More likely, it was spotted and well-known
by people inside Microsoft, and existed specifically so that some Microsoft
product didn't have to go through the effort of implementing their own
callbacks in a security-sane way.

I'll make the prediction that the Microsoft fix will include something
of the form:

        if (current->program != "M$-Hosed") then close_hole();

(suitably obfuscated to delay the embarrassment, of course).

<-- hat.tinfoil--; >


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
