Vulnerability Development mailing list archives
The problem with NT services ...
From: Balamurugan Koodalingam <balaiswaiting () YAHOO COM>
Date: Fri, 19 Jan 2001 07:49:30 -0800
Hai! One significant problem in using a Windows NT service application is that the executable file of the service application could be replaced with some other executable - of course another service application, in which one can do whatever he wants. I know very well that it is nothing new, but just in case you wonder ...

For example, I can write a service application, say KewlBabe.exe, that will add a user to the Administrators group and then stops or does whatever. Now, if I (logged in as an ordinary user) do the following steps, as you may know, I can break in ...

1. Rename an automatic service like spoolss.exe (Note: on some machines I heard that it is not possible to rename spoolss.exe. However, antivirus auto-protecting services and many other products' automatic service executables can always be renamed, I bet).
2. Rename my service KewlBabe.exe to spoolss.exe.
3. Restart the system.
4. Restore the executable names.

Cool? I can do whatever in my service. I have used this method, in our office, to recover forgotten or unavailable Admin passwords a couple of times.

Yesterday, I was thinking of how to prevent this ... Restricting folder permissions while installing the product will not help if it is installed on a FAT partition, right? There could be many other ways, but what came to mind was ... just opening the service application's executable file in exclusive mode as part of the service initialising process, and finally, as part of clean-up, closing that file handle. That's it. In this case I am not able to rename an automatic service application's executable file. But I am not sure of the downside of this method. Is there any other better way?

Sincerely,
Bala.
Balamurugan Koodalingam, HCL Technologies Ltd.
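The conditions the message relies on are checkable from the administrator's side: a service binary that sits on a FAT volume (where folder permissions cannot be enforced at all) or on NTFS with an ACL that lets ordinary users write to, delete or rename the file or its parent directory. The following PowerShell audit is an added example, not part of the original message or of any product mentioned in it. It assumes PowerShell 5.1 or later with `Get-CimInstance`, and should be run elevated so every service's ACL can be read; the principal list and the set of "dangerous" rights are the author's choices, not values from the post.

```powershell
# Added example: audit installed services for binaries that an ordinary user
# could rename or replace. Reports the volume file system (FAT has no ACLs) and
# any Allow ACE granting write/delete-family rights to broad, non-admin principals.

# Principals that should never hold write or delete rights on a service binary
# (this list is an assumption for the example; extend it for local naming).
$WeakPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

# Rights that allow the file to be overwritten, removed or renamed, either
# directly or by taking ownership / rewriting the ACL first.
$DangerousRights = [System.Security.AccessControl.FileSystemRights]::Write -bor
                   [System.Security.AccessControl.FileSystemRights]::Delete -bor
                   [System.Security.AccessControl.FileSystemRights]::DeleteSubdirectoriesAndFiles -bor
                   [System.Security.AccessControl.FileSystemRights]::TakeOwnership -bor
                   [System.Security.AccessControl.FileSystemRights]::ChangePermissions

function Get-ServiceBinaryPath {
    # Extract the executable path from a raw Win32_Service.PathName value,
    # which may be quoted and may carry arguments after the .exe.
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $p = $PathName.Trim()
    if ($p.StartsWith('"')) {
        $end = $p.IndexOf('"', 1)
        if ($end -gt 1) { return $p.Substring(1, $end - 1) }
        return $p.Trim('"')
    }
    # Unquoted: cut after the first ".exe" to drop any arguments.
    $idx = $p.IndexOf('.exe', [System.StringComparison]::OrdinalIgnoreCase)
    if ($idx -ge 0) { return $p.Substring(0, $idx + 4) }
    return ($p -split ' ')[0]
}

function Test-WeakAce {
    # True when an Allow ACE grants a dangerous right to a weak principal.
    param([System.Security.AccessControl.FileSystemAccessRule]$Ace)
    if ($Ace.AccessControlType -ne 'Allow') { return $false }
    if ($WeakPrincipals -notcontains $Ace.IdentityReference.Value) { return $false }
    return (($Ace.FileSystemRights -band $DangerousRights) -ne 0)
}

function Get-WeakAces {
    # Returns "principal: rights" strings for every weak ACE on a path.
    param([string]$Path, [string]$Label)
    $acl = Get-Acl -LiteralPath $Path
    return @($acl.Access | Where-Object { Test-WeakAce $_ } |
        ForEach-Object { "$Label$($_.IdentityReference): $($_.FileSystemRights)" })
}

$report = foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    $exe = Get-ServiceBinaryPath $svc.PathName
    if (-not $exe -or -not (Test-Path -LiteralPath $exe)) { continue }

    # File system of the hosting volume: FAT/FAT32 carry no per-file ACLs.
    $fs = 'unknown'
    try {
        $fs = [System.IO.DriveInfo]::new([System.IO.Path]::GetPathRoot($exe)).DriveFormat
    } catch { }

    $findings = @()
    try {
        $findings += Get-WeakAces -Path $exe -Label ''
        # A writable parent directory is enough to drop a replacement binary,
        # and delete-child rights on it allow the original to be renamed away.
        $findings += Get-WeakAces -Path (Split-Path -Parent $exe) -Label '(dir) '
    } catch {
        $findings += "ACL unreadable: $($_.Exception.Message)"
    }

    [pscustomobject]@{
        Service    = $svc.Name
        StartMode  = $svc.StartMode
        Binary     = $exe
        FileSystem = $fs
        AtRisk     = ($fs -notin @('NTFS', 'ReFS')) -or ($findings.Count -gt 0)
        Findings   = ($findings -join '; ')
    }
}

# Automatic-start services are the ones a reboot will launch, so list them first.
$report | Where-Object AtRisk | Sort-Object StartMode, Service | Format-Table -AutoSize
```

Services flagged with a non-NTFS file system have no ACL to tighten and need to be moved to an NTFS volume; those flagged by a directory finding need the parent folder fixed as well as the file, since a rename of the binary only requires rights on the containing directory entry.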
Current thread:
- The problem with NT services ... Balamurugan Koodalingam (Jan 19)
- Re: The problem with NT services ... 3APA3A (Jan 21)
- Re: The problem with NT services ... Maxime Rousseau (Jan 21)
- Re: The problem with NT services ... Pavel Kankovsky (Jan 22)