Re: [Full-Disclosure] Re: HTML Help API - Privilege Escalation
- To: full-disclosure@lists.netsys.com
- Subject: Re: [Full-Disclosure] Re: HTML Help API - Privilege Escalation
- From: KF <dotslash@snosoft.com>
- Date: Sat, 25 Oct 2003 06:42:32 -0400
Sebastian Niehaus wrote:
> KF <dotslash@snosoft.com> writes:
>
> [...]
>
>> I would relate this
>> type of attack to a setuid program calling system("clear") while
>> running as root on a unix machine. This does not mean that system() is
>> flawed rather that when implementing this call you need to be more
>> careful and drop your privs.
>
> Well, if you have a program to be run in suid mode, every Unix admin
> should be alerted. They are used to review the source code of this
> kind of stuff.

By the same token on a win32 machine when I hit ctrl alt del ...
anything that says SYSTEM on it I usually take a quick peek at. There
are plenty of win32 programs that run in a privileged mode. Rewording
what you said .. every Winblows admin should be alert for SYSTEM level
applications (be it a service or a desktop application).

> You won't be able to do this with your average windows junk...

Well there are not setuid applications in win32 but as I mentioned above
there are apps that run with elevated priv levels. Heck look at shatter
type attacks... In the win32 world that's about as close to a local
attack (on unix) against a setuid binary.
-KF
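
The setuid pattern described in the message above, next to a hardened form that drops privileges before running the helper; this is an added example and not part of the original message. The function names, the path /usr/bin/clear and the fixed TERM value are assumptions made for illustration.

```c
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* The pattern from the message, kept for contrast and never called here:
 * system() runs "/bin/sh -c clear" while the effective uid is still root,
 * and the shell resolves "clear" using the invoking user's environment. */
int clear_screen_vulnerable(void) { return system("clear"); }

/* Permanently give up root in a setuid-root program. The supplementary
 * groups already belong to the invoking user, so only gid and uid change. */
int drop_privileges(void)
{
    uid_t uid = getuid();
    gid_t gid = getgid();

    if (setgid(gid) != 0 || setuid(uid) != 0) return -1; /* gid first */
    /* Both return values are checked; now confirm the drop is permanent. */
    if (uid != 0 && setuid(0) == 0) return -1;
    return (geteuid() == uid && getegid() == gid) ? 0 : -1;
}

/* Run a helper by absolute path, unprivileged, with a fixed environment.
 * Returns the helper's exit status, 126 if privileges could not be dropped,
 * 127 if exec failed, -1 on fork/wait errors or abnormal termination. */
int run_unprivileged(const char *path, char *const argv[])
{
    static char *const clean_env[] = { "PATH=/usr/bin:/bin", "TERM=vt100", NULL };
    int status;
    pid_t pid = fork();

    if (pid < 0) return -1;
    if (pid == 0) {
        if (drop_privileges() != 0) _exit(126);
        execve(path, argv, clean_env);   /* no shell, no PATH search */
        _exit(127);
    }
    if (waitpid(pid, &status, 0) != pid) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char *const argv[] = { "clear", NULL };
    return run_unprivileged("/usr/bin/clear", argv);   /* assumed path */
}
```
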