Run IE as a less privileged user
Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: Run IE as a less privileged user

  1. #1
    Banned
    Join Date
    Nov 2003
    Posts
    1,161

    Run IE as a less privileged user

    A quote from: catch

    "Run IE as a less privileged user, all bugs fixed without patching. Gee that was tough."


    This kid below is telling me it doesn't matter If I run on a XP limited account, nor if I use a hardened IE. I will assume catch is right here, not the kid can anyone sort this out? & simplify it.

    thanks



    A quote from: KID
    The problem is not with the account...it's the fact that IE, which operates with the OS at the system level, can be used to attain system level privileges or root which you may have heard of jacka*s

    The user is not the problem if the browser is calling functions at the system level. Just because the browser is opened by the user does not mean that all functions run by the browser are also run as that user...they're run on the system level. Say you hit a website and IE is trying to interpret script, the function to process that code is passed in a system level process. If that process executes code which is able to exploit a vulnerability in the OS the result could be system level privileges to execute the code of choice, the box is owned - root has been owned...because the process operates at the system level, which is independent of who is logged in or what rights they have. If they can run IE the problem still exists. Sure you could limit the users to be unable to run IE but that's not a very good solution. The culprit here is the OS itself...not the user. Patch the box!

  2. #2
    Senior Member
    Join Date
    Sep 2003
    Posts
    126
    would'nt the fact that you are running it a restricted level prevent root level scripts form running.
    Ithink this kid has know idea what he is saying. there may be some issues or expolits you could work at the user level but I have not heard of any. any good admin would make this kid look silly if he tried there system.
    [Shadow] have you ever noticed work is like a tree full of monkeys you look down and all you see is monkeys below you then you look up and all you see is a bunch of *******s above[/shadow]

  3. #3
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    I think kid is talking out of his arse. IE is a normal program which executes at the same level as whatever user is running it.

    Although there have been many exploits in IE which give user level privileges, as far as I'm aware it has never been implicated in a local privilege elevation vulnerability (Of course many Windows users run everything as admin hence making the distinction rather academic).

    It's lies

    Slarty

  4. #4
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    Agreed. He makes no sense at all. The proper way to "harden" IE is to configure the security zones, restricted sites and how you allow it to handle cookies, Active X, etc.

    Remember, IE is a program, not a service. Take a closer look at its core capabilities and you'll quickly realize that there are many easier (and logical) places to attempt this type of attack.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  5. #5
    Banned
    Join Date
    Nov 2003
    Posts
    1,161
    Thanks guys that was good info on the subject. So basically all of what the kid said was BS & its safe to say he knows jack when it comes to security? Im going to do some more reading here, before I launch this verbal nuke Im currently in the process of constructing in Kate editor.

  6. #6
    Banned
    Join Date
    Nov 2003
    Posts
    1,161
    After my whole response the kid cant stop.


    QUOTE:The kid
    Uhhh... not exactly. IE's functionality is fully integrated into Windows at the lowest levels in all versions from Win98 on. For example, it's what allows the Quick Launch bar to work and provides the ability to view the desktop (Active Desktop) and folders as web pages. There are all kinds of vunerabilities that this causes: see http://www.secunia.com for several exploits that can be directly traced to IE's integration at this level. It was a bad idea 5 years ago and it's an even worse idea now!

  7. #7
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    His points have some truth to them, however, the specific reference I made is to privilege escalation, not buffer overflows and other vulnerabilities which are listed on the site he points you to. Sure, you will see a variety of issues with an app that is integrated with an OS but you will find a pattern of vulnerabilities which really do not include privilege escalation. Anyway, arguing with him is a mute point. I'd let it go and not worry about it.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  8. #8
    Yes, that's my CC number! 576869746568617's Avatar
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    397
    Just because the browser is opened by the user does not mean that all functions run by the browser are also run as that user...they're run on the system level.
    Here's an easy way to settle this debate.......

    Close IE, Open the Task Manager, Re-open IE. Now look at the task manager. Under the User Name column, what does it say?

    I thought so.....User Level Process! Still subject to privelage escalation, as thehorse13 said, but a user level process nontheless.
    Windows 9x: n. A collection of 32 bit extensions and a graphical shell for a 16 bit patch to an 8 bit operating system originally coded for a 4 bit microprocessor. Written by a 2 bit company that can\'t stand 1 bit of competition.


  9. #9
    Banned
    Join Date
    Nov 2003
    Posts
    1,161
    Yeah, now that I know he is just trying to spin the subject to save his ass. I gather the conversation is over & that I should just direct him to www.youareanidiot.com

    Thanks guys for laying out the truth here on the matter.

  10. #10
    Custom User
    Join Date
    Oct 2001
    Posts
    503
    It would be a lot easier just to use a decent browser like mozilla :P. And I'm sure that a normal user can spawn a process which can run as root (in *nix os's anyhow). A program can run as a normal user then change it's uid for certain tasks that it has to perform.

    ac

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •