[Full-disclosure] Re: Question for the Windows pros
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] Re: Question for the Windows pros
- From: "Dave Korn" <davek_throwaway@xxxxxxxxxxx>
- Date: Thu, 19 Jan 2006 14:56:57 -0000
Paul Schmehl wrote in news:5E610DD0DFACB633154F31E7@xxxxxxxxxxxxxxxxxxxxx
> This is incorrect. The privilege exists *and* functions on the
> Workstation operating systems Win2000 SP4 *and* WinXP. I have verified
> this through testing.

Yes, there's nothing new about impersonation; it's been there all the way
back to NT.

> I've already been there and read the page - several times. I understand
> *in general* what an impersonation privilege is. I need to know
> *specifically* what "server's clients" can be impersonated when this
> privilege is applied to an account. So far, I've found nothing on the web
> that even attempts to address that issue.

> Unfortunately, it has not. Again, I understand *in general* what
> impersonation is, how it works and what it can mean in terms of security.
>
> I am looking *specifically* for what a user who has the privilege
> Impersonate a client after authentication has the right to do. Does it
> mean that *anything* that user runs runs under his/her privileges? Does
> it mean only *local* processes are affected? Does it mean a hacker can
> access the machine remotely and run under the user's privileges?
>
> IOW, if I have a domain account name "Joe", and I grant "Joe" this
> privilege, what is placed at risk? The local machine he's logged in to?
> The entire domain? Only certain services? Saying it's a high risk (like
> ISS does) and then not defining *precisely* what the risks are is not
> helpful.

> And all I was really asking for is pointers to any white papers or
> conference presentations that even attempt to illuminate this issue.
>
> It's looking like there are none.

The info is out there, but it's scattered across a combination of MSDN,
WDJ, OSR and similar sources.

I started writing a full explanation yesterday when you posted this. I'll
try and finish it off when I get home from work this evening.

cheers,
DaveK
--
Can't think of a witty .sigline today....
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/