Originally posted here by Maestr0
SirDice,
I think you may have misunderstood my comment. I said to allow execute permissions on cmd.exe for admin ONLY (this means deny SYSTEM). That means SYSTEM cannot execute cmd.exe OR take ownership of cmd.exe; this way, if someone has found a buffer overflow in a program running under a SYSTEM context, then the code will not be able to execute cmd.exe.


-Maestr0

EDIT: I see that the original statement was unclear, the statement should have read:
"(System cannot take ownership so buffer overflow attacks <which execute these binaries> will be much harder to achieve)"

That's much clearer and correct. It's all a matter of payload. So I think this would only protect you from prebuilt exploits (script kiddie tools?).

I'm not sure about not being able to take ownership. I think you can still take ownership and nuke the ACL in the process (mental note: must try this out).

Originally posted here by kroltz
I'm just interested if you tried this on Service Pack 3 or not, let me know.

Service pack/hotfix level has nothing to do with it. The default screensaver (when no one is logged on) will run in the SYSTEM context (this is by design). So if you have no or bad ACLs on %windir% this would still work.
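
An added example, not part of the original thread: a read-only PowerShell audit of the two ACL conditions discussed above (who besides administrators can modify cmd.exe or a screensaver binary, and whether a deny-execute entry for SYSTEM is present on cmd.exe). The System32 location, the `*.scr` filter and the list of trusted SIDs are assumptions to adapt to the machine being checked.

```powershell
# Read-only ACL audit; changes nothing on disk. Run from an elevated prompt.
$sys32   = Join-Path $env:windir 'System32'
$targets = @(Get-Item -LiteralPath (Join-Path $sys32 'cmd.exe')) +
           @(Get-ChildItem -Path $sys32 -Filter '*.scr' -File)

# Assumption: only these principals should be able to alter system binaries.
# Well-known SIDs: LocalSystem, BUILTIN\Administrators, TrustedInstaller.
$trusted = 'S-1-5-18', 'S-1-5-32-544',
           'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'

# Individual rights that allow replacing or re-permissioning a file.
$risky   = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
$execute = [int][System.Security.AccessControl.FileSystemRights]::ExecuteFile
$sidType = [System.Security.Principal.SecurityIdentifier]

foreach ($file in $targets) {
    $acl   = Get-Acl -LiteralPath $file.FullName
    # Explicit and inherited entries, with identities returned as SIDs.
    $rules = $acl.GetAccessRules($true, $true, $sidType)

    foreach ($ace in $rules) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -eq 'Allow' -and
            ([int]$ace.FileSystemRights -band $risky) -and
            $trusted -notcontains $sid) {
            [pscustomobject]@{
                Finding = 'Unexpected principal can modify file'
                File    = $file.FullName
                Sid     = $sid
                Rights  = $ace.FileSystemRights
            }
        }
    }

    if ($file.Name -eq 'cmd.exe') {
        # The restriction proposed in the quoted post: deny execute for SYSTEM.
        $deny = $rules | Where-Object {
            $_.AccessControlType -eq 'Deny' -and
            $_.IdentityReference.Value -eq 'S-1-5-18' -and
            ([int]$_.FileSystemRights -band $execute)
        }
        [pscustomobject]@{
            Finding = 'Deny-execute entry for SYSTEM on cmd.exe'
            File    = $file.FullName
            Sid     = 'S-1-5-18'
            Rights  = if ($deny) { 'present' } else { 'absent' }
        }
    }
}
```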