From: jnf (lists@innocence-lost.net)
Date: Wed Jan 19 2005 - 19:37:11 EST
> Hi again jnf!
Hello again Miguel
> a) It's perfectly possible for a process to run with high privileges, and
> drop the privileges when in the need to do something else. In fact is not
> only possible, it's common practice, both in the *nix and Windows world.
Agreed, but if its not needed, why do it? I think the kernel intercepting
the keys and then kicking the program when necessary is a much better idea
from a design standpoint, imho of course.
> I blame the fact that WHEN NO ONE IS LOGGED IN, the system is still
> monitoring the 5 SHIFT sequence, and runs sethc.exe as SYSTEM in that case
> (you can even launch explorer.exe and have the whole enchilada as SYSTEM).
> I'm not saying that I'm surprised, considering that the guys at M$ have
> thrown everything but the kitchen sink into system space...
Well it makes sense though, consider that disabled people have to login as
well and if they sit down, they may not be sure what state the computer is
in- however a much better idea at this point is to have an equiv of
'nobody' to have it run as when its run. So in that respect, I don't think
having it intercept the keys before a login is made is bad, however i will
agree doing so as system is generally a bad idea, however if we are to
assume that the program is totally secure (hypothetically), then it really
becomes a moot point as you have to bypass other security mechanisms in
order to take advantage of this. I imagine if you were to ask MS about
this, you would probably get a simple answer (if you got one)
> b) It's perfectly possible to monitor keystrokes even without
> administrative privileges, thanks to the way Windows is built. Feel free
> to try the keylogging functionality of the spanish tool VeoVeo
> (www.hackindex.org) as a normal user. If you don't understand spanish,
> don't panic, I made a translation to english, available at
> http://usuarios.lycos.es/n3kr0m4nc3r/tools/
> I know VeoVeo it's not perfect, but it shows the idea, and the source is
> available if you are not happy with it.
I will relent here because I am not really a windows programmer, and know
only the most basic of windows programming (I did something with routes
once). I would say here this is bad design, however my base point was
working around the least privlidge idea, that the program didn't need to
intercept all the keys. And yes, I speak spanish, however no I don't have
any windows machines- I will take your word on it, and relent on the
subject as I didn't realize you did not need priv's past a regular user
account.
> I hope you don't think that the above are also silly statements...
I was in an odd mood that day, take nothing I said personal.
> Cheers,
>
> Miguel Dilaj (Nekromancer, the humorous one)
jnf
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:14 EDT