> -----Original Message-----
> From: Rothe, Greg (G.A.) [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, August 27, 2002 10:00 AM
> To: 'Paul Starzetz'; Andrey Kolishak; [EMAIL PROTECTED]
> Subject: RE: White paper: Exploiting the Win32 API.
>
>
> All of this brings up a couple of questions for me:
>
> 1.
> As I understand it, all this can be avoided by applying the
> simple, longtime standard maxim of "trust no input," correct? (If
> correct, this leads me to murmur rhetorically "Have today's
> developers no discipline?")
>
> 2.
> If the above is incorrect,
The above is NOT correct, as several posters have already shown.
Any time a developer has an application running as SYSTEM, which
is a rare need, they must realize the security ramifications of
what they are doing (that, if a flaw is found in their software,
it will elevate the privileges of the user).
http://www.atstake.com/research/advisories/2000/a090700-1.txt
This is a well-known need, even if this type of attack - and therefore
its prevention - is not well known.
> and system messages such as event
> notifications (onClick, etc.) can be compromised, then developers
> using tools such as Visual Basic are essentially helpless to
> harden their applications. Other than going back to writing in
> assembly, what is the modern developer to do?
>
You generally will have very few types of applications on
your system which need to run *as* SYSTEM and can receive
messages (most that I can think of are actually security
apps that are designed to restrict unprivileged users -- but
maybe I am biased). While you can exploit other applications
not running in a higher privilege space in this manner, this
gains you nothing which you could not do by just running a
binary as that user.
>
> We have here an exclusive or: Which is it - 1 or 2 or neither?
>
> Thanks,
>
> -Greg
<snip>
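The reply above turns on how few processes actually run as SYSTEM and also own a window that can receive messages. The script below is an added example, not part of the thread or of the white paper under discussion: it enumerates the top-level windows on the caller's desktop, maps each to its owning process, and lists the ones whose process runs as NT AUTHORITY\SYSTEM, i.e. the windows a shatter-style message injection from an unprivileged process on the same desktop would be aimed at. The class name Win32Windows is an arbitrary name chosen here; the script assumes Windows PowerShell 5.1 or later and an elevated prompt, so that Win32_Process.GetOwner() can read every process's token.

```powershell
# Added example (not from the thread): list top-level windows owned by SYSTEM processes.
# Assumes Windows PowerShell 5.1+ and an elevated prompt. "Win32Windows" is an arbitrary name.

$sig = @'
using System;
using System.Collections.Generic;
using System.Runtime.InteropServices;
using System.Text;

public static class Win32Windows {
    public delegate bool EnumWindowsProc(IntPtr hWnd, IntPtr lParam);

    [DllImport("user32.dll")]
    public static extern bool EnumWindows(EnumWindowsProc lpEnumFunc, IntPtr lParam);

    [DllImport("user32.dll")]
    public static extern bool IsWindowVisible(IntPtr hWnd);

    [DllImport("user32.dll", SetLastError = true)]
    public static extern uint GetWindowThreadProcessId(IntPtr hWnd, out uint lpdwProcessId);

    [DllImport("user32.dll", CharSet = CharSet.Unicode)]
    public static extern int GetWindowText(IntPtr hWnd, StringBuilder lpString, int nMaxCount);

    [DllImport("user32.dll", CharSet = CharSet.Unicode)]
    public static extern int GetClassName(IntPtr hWnd, StringBuilder lpClassName, int nMaxCount);

    // Collect every top-level window handle on the calling thread's desktop.
    public static List<IntPtr> GetTopLevelWindows() {
        var result = new List<IntPtr>();
        EnumWindows((hWnd, lParam) => { result.Add(hWnd); return true; }, IntPtr.Zero);
        return result;
    }
}
'@
Add-Type -TypeDefinition $sig

# Build a PID -> "DOMAIN\user" map from the token owner of every process.
$owners = @{}
Get-CimInstance Win32_Process | ForEach-Object {
    $o = Invoke-CimMethod -InputObject $_ -MethodName GetOwner
    if ($o.ReturnValue -eq 0) {
        $owners[[uint32]$_.ProcessId] = "$($o.Domain)\$($o.User)"
    } else {
        $owners[[uint32]$_.ProcessId] = '<unknown>'   # token could not be read
    }
}

# Walk the desktop's top-level windows and keep those owned by a SYSTEM process.
$findings = foreach ($hWnd in [Win32Windows]::GetTopLevelWindows()) {
    [uint32]$procId = 0
    [void][Win32Windows]::GetWindowThreadProcessId($hWnd, [ref]$procId)
    if ($owners[$procId] -ne 'NT AUTHORITY\SYSTEM') { continue }

    $title = New-Object System.Text.StringBuilder 256
    $class = New-Object System.Text.StringBuilder 256
    [void][Win32Windows]::GetWindowText($hWnd, $title, $title.Capacity)
    [void][Win32Windows]::GetClassName($hWnd, $class, $class.Capacity)

    [pscustomobject]@{
        PID     = $procId
        Process = (Get-Process -Id $procId -ErrorAction SilentlyContinue).ProcessName
        Visible = [Win32Windows]::IsWindowVisible($hWnd)
        Class   = $class.ToString()
        Title   = $title.ToString()
    }
}

$findings | Sort-Object PID | Format-Table -AutoSize
```

Two caveats when reading the output. On Windows Vista and later, services run in session 0, so a service's windows are not on the interactive desktop and will not appear here; and UIPI refuses most messages sent from a lower-integrity process to a higher-integrity window, so an empty list on a modern system is the expected result. Anything the script does list is a privileged window that any process on the same desktop can find and address, which is exactly the situation the 2002 discussion is about.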