Hang on a minute, I thought you had to have administrator access before you were permitted raw access to the hard drive.
The createfile documentation tells us that opening a physical disk / Volume requires that the caller must have administrative privileges. I'm just wondering how flawed the implementation of the windows paging model is that it would allow for this kind of breach. The standard model I'm familiar with would simply flush the page from memory, and would not keep a copy in the external page-file, instead relying on the copy that already exists on the disk. Obviously I need to read more on this. Kenneth Van Wyk wrote: > Here's an interesting article from Dark Reading regarding a software > attack on the existing Vista beta: > > http://www.darkreading.com/document.asp?doc_id=99780&f_src=darkreading_section_296 > <http://www.darkreading.com/document.asp?doc_id=99780&f_src=darkreading_section_296> > > I noticed, in particular, that the attack is against a design weakness > of Vista -- "The attack doesn't use your typical buffer overflow or > other bug, but basically exploits a Vista (and Windows) design problem > -- that user-mode applications are allowed to access raw disk sectors, > Rutkowska says." > > The attack, which is being described in detail at Blackhat, looks for > "interesting" OS code to be paged out and then carefully modifies the > contents of the page file in order to dupe Vista into loading the > corrupt page data. -- Pete +353 (87) 412 9576 [M] Where there's a will, there's an Inheritance Tax. _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php
