On Thu, 2 Oct 2003 17:28:14 +1200 "Brett Moore" <[EMAIL PROTECTED]> wrote:
>
> It appears from our testing that any thread running under any security
> level will accept a WM_QUIT message, causing the process to terminate.
> ...
> While this does not have the security implications of 'privilege escalation'
> attacks, it may cause some concerns under certain circumstances.
>

In some circumstances this probably may be used for privilege escalation.
In windoze a process may escalate its privileges if a more privileged process writes to its named pipes.
So if you manage to kill a process which holds an important named pipe, then create the same named pipe and then someone writes to your named pipe you may elevate your privileges.

You may check http://www.guninski.com/dr07.html for an old demo.

georgi

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
