
Thread: Windows logon.scr hack

  1. #21
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Originally posted here by Maestr0
    (System cannot take ownership so buffer overflow attacks will be much harder to achieve)
    This is BS. File ownership has absolutely nothing to do with the security context the file will be run under. SYSTEM would still be able to run the file and it would still contain an exploitable buffer overflow.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  2. #22
    Deceased x acidreign x
    Join Date
    Jul 2002
    Posts
    455
    anyone tried running mmc from that command window? it seems to me that could give you a few choice options as far as security is concerned, I'm going to try it right now
    :q :q! :wq :w :w! :wq! :quit :quit! :help help helpquit quit quithelp :quitplease :quitnow :leave :**** ^X^C ^C ^D ^Z ^Q QUITDAMMIT ^[:wq GCS,M);d@;p;c++;l++;u ++ ;e+ ;m++(---) ;s+/+ ;n- ;h* ;f+(--) ;!g ;w+(-) ;t- ;r+(-) ;y+(**)

  3. #23
    Senior Member Maestr0
    Join Date
    May 2003
    Posts
    604
    SirDice,
    I think you may have misunderstood my comment. I said to allow execute permissions on cmd.exe for admin ONLY (this means deny SYSTEM). That means SYSTEM cannot execute cmd.exe OR take ownership of cmd.exe; this way, if someone has found a buffer overflow in a program running under a SYSTEM context, then the code will not be able to execute cmd.exe.

    -Maestr0

    EDIT: I see that the original statement was unclear, the statement should have read:
    "(System cannot take ownership so buffer overflow attacks <which execute these binaries> will be much harder to achieve)"

    "If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software." -Jaron Lanier

  4. #24
    Junior Member
    Join Date
    Jun 2003
    Posts
    8

    Did you try this on SP3 for 2k?

    I'm just interested if you tried this on service pack 3 or not, let me know.

  5. #25
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Originally posted here by Maestr0
    SirDice,
    I think you may have misunderstood my comment. I said to allow execute permissions on cmd.exe for admin ONLY (this means deny SYSTEM). That means SYSTEM cannot execute cmd.exe OR take ownership of cmd.exe; this way, if someone has found a buffer overflow in a program running under a SYSTEM context, then the code will not be able to execute cmd.exe.

    -Maestr0

    EDIT: I see that the original statement was unclear, the statement should have read:
    "(System cannot take ownership so buffer overflow attacks <which execute these binaries> will be much harder to achieve)"
    That's much clearer and correct. It's all a matter of payload. So I think this would only protect you from prebuilt exploits (scriptkiddie tools?).

    I'm not sure about not being able to take ownership. I think you can still take ownership and nuke the ACL in the process (mental note: must try this out).

    Originally posted here by kroltz
    I'm just interested if you tried this on service pack 3 or not, let me know.
    Service pack/hotfix level has nothing to do with it. The default screensaver (when no one is logged on) will run in the SYSTEM context (this is by design). So if you have no or bad ACLs on %windir% this would still work.
    Oliver's Law:
    Experience is something you don't get until just after you need it.
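The thread's last two points are that the logon screensaver runs as SYSTEM regardless of service pack, and that weak ACLs on %windir% (or an owner who can simply rewrite the DACL) are what make the swap possible. The script below is an added defender-side check, not code from any poster: it lists every principal outside an assumed trusted set that holds write, delete, WriteDacl or TakeOwnership rights on the files the thread names, and prints each file's owner so the ownership question SirDice raises can be answered on a given box. The paths (logon.scr lives in System32 on Windows 2000/XP; later builds ship scrnsave.scr) and the trusted-principal list are assumptions to adjust per system.

```powershell
# Added example, not from the thread: audit write/ownership rights on the
# binaries discussed above. Requires Windows PowerShell 3+ (assumption).

# Assumed locations; logon.scr is the 2000/XP name, later builds use scrnsave.scr.
$targets = @(
    (Join-Path $env:windir 'System32\logon.scr'),
    (Join-Path $env:windir 'System32\cmd.exe'),
    (Join-Path $env:windir 'System32')
)

# Rights that allow replacing the file or rewriting its ACL/owner.
$R = [System.Security.AccessControl.FileSystemRights]
$writeRights = $R::WriteData -bor $R::AppendData -bor $R::Delete -bor
               $R::WriteDacl -bor $R::TakeOwnership -bor $R::FullControl

# Principals expected to hold such rights (assumption); everything else is flagged.
$trusted = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'NT SERVICE\TrustedInstaller')

foreach ($path in $targets) {
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Warning "missing: $path"
        continue
    }
    $acl = Get-Acl -LiteralPath $path
    "$path  owner: $($acl.Owner)"

    foreach ($ace in $acl.Access) {
        # Only Allow entries grant anything; Deny entries (e.g. a deny on SYSTEM,
        # as Maestr0 proposes) are reported separately below.
        if ($ace.AccessControlType -ne 'Allow') {
            "  DENY  $($ace.IdentityReference.Value): $($ace.FileSystemRights)"
            continue
        }
        if (([int]$ace.FileSystemRights -band [int]$writeRights) -eq 0) { continue }
        if ($trusted -contains $ace.IdentityReference.Value) { continue }

        # A non-trusted principal that can modify or re-own the file.
        [pscustomobject]@{
            Path      = $path
            Principal = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}
```

Run it from an elevated prompt so Get-Acl can read the DACLs. An empty result for the flagged entries, with Administrators or TrustedInstaller as owner, is what you want; any row listing Users, Everyone or Authenticated Users with WriteData or Delete on System32 or the screensaver is exactly the "no or bad ACLs on %windir%" case the thread describes.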
