Scott, Shatter exposes two different issues:

* VNC-induced buffer / heap overruns
* WM_TIMER and other Win32 API issues

VNC-induced shatter: I think the best way to avoid giving up SYSTEM is to divorce the systray and its UI from the bits that really must be running as SYSTEM. Thus Rudi De Vos' kernel mode driver is a good idea (and in fact, the only reasonable solution) - it basically means that the UI runs as the user. Using shatter to compromise the UI then doesn't allow escalation. The communication between the kernel mode driver and the UI needs to be carefully gated, but this can be done by using the registry, and using the registry notify API (WinNT 3.1 or later, Win 98 or later) to update the preferences on the fly along with a RegNotifyChangeKeyValue() call. Obviously, the kernel mode driver, being where it is (can cause a blue screen), will need to carefully screen the data to ensure its safety. Then we need to go through the remaining UI code to find and eliminate any potential methods which could lead to a buffer / heap overrun.

WM_TIMER-induced shatter: One of the modes is the range of messages that we don't even get to see that could execute code as the user the UI runs as. Again, by divorcing the UI from the bits that actually need privs, the escalation possibility decreases. Going to another window library will just add bloat, and substitute a different set of bugs into the equation.

Thanks,
Andrew

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Scott C. Best
Sent: Friday, 16 August 2002 9:04 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: "shatter" vulnerability

Chris:

Heya. While I agree that the 'shatter' attack is something every user should bring to Microsoft's attention (which I can see in your email headers that you did), at the same time I don't consider it a VNC problem. <duck>

_______________________________________________
VNC-List mailing list
[EMAIL PROTECTED]
http://www.realvnc.com/mailman/listinfo/vnc-list
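The message above argues for splitting the UI (running as the user) from the privileged component, and for having the privileged side "carefully screen" whatever preferences arrive through the registry channel. The following is an added illustration, not code from Andrew, Rudi De Vos or the VNC project, of what that screening looks like on the privileged side: a strict parser for a hypothetical preferences blob (the `port=...;scale=...;hosts=...` format, the field names, the limits and the `vnc_prefs` struct are all assumptions made for the example) that rejects anything out of range, oversized, duplicated or unknown rather than copying it into fixed buffers. It is portable C so it can be compiled anywhere; in the real design the same checks would sit behind the driver's registry-notify handler.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HOSTS_MAX 64      /* assumed fixed size of the hosts field in the privileged side */
#define BLOB_MAX  256     /* hard cap on the total size of one preferences value */

/* Hypothetical preferences record as the privileged component would hold it. */
typedef struct {
    uint16_t port;
    uint8_t  scale;
    char     hosts[HOSTS_MAX];
} vnc_prefs;

/* Strict unsigned decimal: digits only, bounded, rejects early so it can never overflow. */
static bool parse_uint(const char *s, size_t n, unsigned long lo, unsigned long hi,
                       unsigned long *out) {
    unsigned long v = 0;
    if (n == 0 || n > 10) return false;
    for (size_t i = 0; i < n; i++) {
        if (s[i] < '0' || s[i] > '9') return false;
        v = v * 10 + (unsigned long)(s[i] - '0');
        if (v > hi) return false;
    }
    if (v < lo) return false;
    *out = v;
    return true;
}

/* Hosts field: restricted character set, length checked BEFORE the copy, never truncated. */
static bool parse_hosts(const char *s, size_t n, char *dst, size_t dstsz) {
    if (n >= dstsz) return false;
    for (size_t i = 0; i < n; i++) {
        char c = s[i];
        if (!(isdigit((unsigned char)c) || c == '.' || c == '/' || c == ',' || c == ':'))
            return false;
    }
    memcpy(dst, s, n);
    dst[n] = '\0';
    return true;
}

/* Screen one blob of the form "port=5900;scale=2;hosts=10.0.0.0/8".
 * Returns true and fills *out only if every field is present exactly once and sane. */
bool screen_prefs(const char *blob, size_t len, vnc_prefs *out) {
    vnc_prefs tmp;
    bool seen_port = false, seen_scale = false, seen_hosts = false;
    size_t pos = 0;
    unsigned long v;

    memset(&tmp, 0, sizeof tmp);
    if (len > BLOB_MAX) return false;
    while (pos < len) {
        const char *field = blob + pos;
        const char *end = memchr(field, ';', len - pos);
        size_t flen = end ? (size_t)(end - field) : len - pos;
        const char *eq = memchr(field, '=', flen);
        size_t klen, vlen;
        const char *val;
        if (!eq) return false;
        klen = (size_t)(eq - field);
        val = eq + 1;
        vlen = flen - klen - 1;
        if (klen == 4 && memcmp(field, "port", 4) == 0 && !seen_port) {
            if (!parse_uint(val, vlen, 1, 65535, &v)) return false;
            tmp.port = (uint16_t)v; seen_port = true;
        } else if (klen == 5 && memcmp(field, "scale", 5) == 0 && !seen_scale) {
            if (!parse_uint(val, vlen, 1, 4, &v)) return false;
            tmp.scale = (uint8_t)v; seen_scale = true;
        } else if (klen == 5 && memcmp(field, "hosts", 5) == 0 && !seen_hosts) {
            if (!parse_hosts(val, vlen, tmp.hosts, sizeof tmp.hosts)) return false;
            seen_hosts = true;
        } else {
            return false;   /* unknown or duplicate key: reject the whole update */
        }
        pos += flen + 1;
    }
    if (!(seen_port && seen_scale && seen_hosts)) return false;
    *out = tmp;             /* commit only after everything passed */
    return true;
}

/* Convenience wrappers for callers that want a yes/no answer or the screened port. */
bool prefs_accepted(const char *blob) { vnc_prefs p; return screen_prefs(blob, strlen(blob), &p); }
unsigned prefs_port(const char *blob) {
    vnc_prefs p; return screen_prefs(blob, strlen(blob), &p) ? p.port : 0u;
}

int main(void) {
    /* Constructed sample values standing in for what the UI wrote to the registry. */
    const char *good = "port=5900;scale=2;hosts=10.0.0.0/8";
    const char *bad  = "port=70000;scale=2;hosts=10.0.0.0/8";
    printf("%s -> %s\n", good, prefs_accepted(good) ? "accepted" : "rejected");
    printf("%s -> %s\n", bad,  prefs_accepted(bad)  ? "accepted" : "rejected");
    return 0;
}
```

The design point is that the privileged side validates into a scratch copy and commits only on full success, so a half-parsed or malicious value can never leave it in a partially updated state, and no field is ever copied before its length has been checked against the destination.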
