Yes, I fully agree with you. But I think that one privilege is enough to
do anything with your OS. If you guess SeLoadDriverPrivilege, you’re right
;-)).
And the driver development cannot be done without this privilege, thus
when you’re developing drivers, you’re always risking a bit ;-))).
Paul
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Eric Lee Steadle
Sent: Thursday, April 18, 2002 5:00 PM
To: NT Developers Interest List
Subject: [ntdev] Re: I want to retrieve Username ,Password ,Domain text from
GINA system.
This is not really a security issue.
In order to install such a “wrapper” for GINA in the first place, you’d have to have “administrator” privilege.
The only way to get Administrator privilege is to log in first, before the wrapper is installed.
You, as Administrator, have to decide whether you trust this Wrapper before you install it – the same kind of decision you make when you install and use the “original” MS supplied GINA which just happens to be installed as part of OS installation.
So if you don’t trust the wrapper, you don’t install it.
This is the reason, BTW, that you shouldn’t be logging into your system on a daily basis as administrator. Administrator has the privilege to install any component into the Trusted Computing Base, and if you’re casual about installation, you just might accidentally install a Trojan that compromises your system. We as developers tend to be a bit lax about security because we typically need very high privilege levels in order to get our jobs done. Rather than investigating and enabling just the privileges we need to do debugging, we just log in as Admin and be done with it. I’m guilty of it. I’m sure others are as well.
ERX
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Gregory G. Dyess
Sent: Thursday, April 18, 2002 10:18 AM
To: NT Developers Interest List
Subject: [ntdev] Re: I want to retrieve Username ,Password ,Domain text
from GINA system.
I read the original posting as a wrapper around GINA, not a replacement for it. If I misread, then I apologize and see no concerns. If I read it correctly, then I have a big concern if it is possible.
Greg
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Stefan Boboc
Sent: Thursday, April 18, 2002 10:07 AM
To: NT Developers Interest List
Subject: [ntdev] Re: I want to retrieve Username ,Password ,Domain text
from GINA system.
If you replace GINA who can stop you from doing this?
Stefan
-----Original Message-----
From: Gregory G. Dyess [mailto:xxxxx@pdq.net]
Sent: Thursday, April 18, 2002 3:58 PM
To: NT Developers Interest List
Subject: [ntdev] Re: I want to retrieve Username ,Password ,Domain text
from GINA system.
I really hope like hell you can’t do it! That would violate any number of proper security procedures and safeguards.
Greg
----- Original Message -----
From: “Krishna”
To: “NT Developers Interest List”
Sent: Thursday, April 18, 2002 3:55 PM
Subject: [ntdev] I want to retrieve Username ,Password ,Domain text from GINA system.
>> Hello All,
>>
>> I am developing one wrapper around MSGINA for windows NT, but I am unable
>> to get the UserName and Password after User enters it while login. Can
>> anybody tell me in which callback I should get it ??
>> I tried in WlxLoggedOutSAS and WlxActivateUserShell…
>>
>> How can I get it ???
>>
>> —
>> You are currently subscribed to ntdev as: xxxxx@aalayance.com
>> To unsubscribe send a blank email to %%email.unsub%%
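
Two points from this thread can be checked on a machine: which GINA DLL Winlogon is configured to load, and which accounts hold SeLoadDriverPrivilege. The audit script below is an added example, not part of any poster's message; it assumes a GINA-era Windows (NT 4.0 / 2000 / XP), an elevated prompt, and a temporary file name chosen here for illustration.

```powershell
# Added audit example (not from the thread). Run elevated; secedit needs it.
# Assumption: GINA-era Windows. Later Windows versions do not load a GINA.

$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

# 1. Which GINA does Winlogon load? No GinaDLL value means the stock msgina.dll.
$gina = (Get-ItemProperty -Path $winlogon -Name GinaDLL -ErrorAction SilentlyContinue).GinaDLL
if (-not $gina) {
    Write-Output 'GinaDLL not set: Winlogon uses the default msgina.dll'
} else {
    # A bare file name is looked up under System32.
    $path = if (Split-Path $gina -IsAbsolute) { $gina }
            else { Join-Path $env:SystemRoot "System32\$gina" }
    Write-Output "GinaDLL = $gina  [REVIEW: non-default GINA in the logon path]"
    if (Test-Path $path) {
        $file = Get-Item $path
        Write-Output ("  vendor:   " + $file.VersionInfo.CompanyName)
        Write-Output ("  modified: " + $file.LastWriteTime)
    } else {
        Write-Output "  file not found at $path"
    }
}

# 2. Who holds SeLoadDriverPrivilege? Export the user-rights policy and parse it.
$cfg = Join-Path $env:TEMP 'user_rights_audit.inf'   # illustrative file name
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
$line = Get-Content $cfg |
        Where-Object { $_ -match '^SeLoadDriverPrivilege\s*=' } |
        Select-Object -First 1
Remove-Item $cfg -ErrorAction SilentlyContinue

$expected = @('*S-1-5-32-544')   # BUILTIN\Administrators
if ($line) {
    $holders = ($line -split '=', 2)[1].Split(',') | ForEach-Object { $_.Trim() }
    foreach ($h in $holders) {
        $tag = if ($expected -contains $h) { 'expected' } else { 'REVIEW' }
        Write-Output "SeLoadDriverPrivilege: $h [$tag]"
    }
} else {
    Write-Output 'SeLoadDriverPrivilege: no holders listed'
}
```

Anything tagged REVIEW is a component or account that sits inside the Trusted Computing Base and should be traceable to a deliberate install or grant.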