On Thu, 18 Apr 2002, Eric Lee Steadle wrote:
This is the reason, BTW, that you shouldn’t be logging into your system
on a daily basis as administrator. Administrator has the privilege to
install any component into the Trusted Computing Base, and if you’re
casual about installation, you just might accidentally install a Trojan
that compromises your system. We as developers tend to be a bit lax
about security because we typically need very high privilege levels in
order to get our jobs done. Rather than investigating and enabling just
the privileges we need to do debugging, we just login as Admin and be
done with it. I’m guilty of it. I’m sure others are as well.
If we have the ‘debug any process’ privilege, the system can be
compromised (DLL injection into a privileged process, etc.). But for many
debugging tasks (e.g. writing services), this is essential.
If we have the ‘load device driver’ privilege, the system can be
compromised (load a driver to do whatever naughty things you want it to
do). But for many debugging tasks (e.g. writing drivers), this is
essential.
Thus, it’s frequently impractical for developers to run as anything other
than a user who can compromise the machine.
I don’t believe that Administrators (or anyone else, for that matter)
default to having the TCB privilege. I’m not sure it’s even particularly
powerful – certain *authenticated* logon functions require the privilege,
but authenticated functions require user credentials to be passed and get
audited anyway, so I’m not sure there’s any real problem. In XP and .NET
Server, a number of functions that did require the TCB privilege no longer
need it, anyway.
Aside from the debug and driver privilege, there are others that are
sufficient to compromise the system; for instance, the pairing of create a
token and replace a process-level token allows us to create a user token
(without bothering to actually authenticate) and then use it to spawn
processes.
ERX
>-----Original Message-----
>From: xxxxx@lists.osr.com
>[mailto:xxxxx@lists.osr.com]On Behalf Of Gregory G. Dyess
>Sent: Thursday, April 18, 2002 10:18 AM
>To: NT Developers Interest List
>Subject: [ntdev] Re: I want to retrieve Username ,Password ,Domain text
>from GINA system.
>
>
>I read the original posting as a wrapper around GINA, not a
>replacement for
>it. If I misread, then I apologize and see no concerns. If I read it
>correctly, then I have a big concern if it is possible.
>
>Greg
>
>-----Original Message-----
>From: xxxxx@lists.osr.com
>[mailto:xxxxx@lists.osr.com]On Behalf Of Stefan Boboc
>Sent: Thursday, April 18, 2002 10:07 AM
>To: NT Developers Interest List
>Subject: [ntdev] Re: I want to retrieve Username ,Password ,Domain text
>from GINA system.
>
>
>If you replace GINA who can stop you from doing this?
>Stefan
>
>-----Original Message-----
>From: Gregory G. Dyess [mailto:xxxxx@pdq.net]
>Sent: Thursday, April 18, 2002 3:58 PM
>To: NT Developers Interest List
>Subject: [ntdev] Re: I want to retrieve Username ,Password ,Domain text
>from GINA system.
>
>
>I really hope like hell you can’t do it! That would violate
>any number of
>proper security procedures and safeguards.
>
>Greg
>
>----- Original Message -----
>From: “Krishna”
> >To: “NT Developers Interest List”
> >Sent: Thursday, April 18, 2002 3:55 PM
> >Subject: [ntdev] I want to retrieve Username ,Password ,Domain
> >text from
> >GINA system.
> >
> >
> >> Hello All ,
> >>
> >> I am developing one wrapper around MSGINA for windows NT
> >,but I am unable
> >> to get the UserName and Password after the user enters it while
> >login. Can
> >> anybody tell me in which callback I should get it ??
> >> I tried in WlxLoggedOutSAS and WlxActivateUserShell…
> >>
> >> How can I get it ???
> >>
> >> —
> >> You are currently subscribed to ntdev as: xxxxx@aalayance.com
> >> To unsubscribe send a blank email to %%email.unsub%%
–
Peter xxxxx@inkvine.fluff.org
http://www.inkvine.fluff.org/~peter/
logic kicks ass:
(1) Horses have an even number of legs.
(2) They have two legs in back and fore legs in front.
(3) This makes a total of six legs, which certainly is an odd number of
legs for a horse.
(4) But the only number that is both odd and even is infinity.
(5) Therefore, horses must have an infinite number of legs.
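The privileges discussed above (debug any process, load device driver, TCB, and the create-token plus replace-process-token pair) can be audited for a given token from `whoami /priv` output. The script below is an added example, not code from the thread; the sample output is constructed, and the privilege names are the standard Windows ones corresponding to the display names the thread uses.

```python
import re

# Privileges that are individually enough to take over the machine (see thread).
SINGLE_PRIVS = {
    "SeDebugPrivilege": "debug any process (inject into a privileged process)",
    "SeLoadDriverPrivilege": "load a kernel driver",
    "SeTcbPrivilege": "act as part of the operating system",
}
# Pairs that only matter together: forge a token, then assign it as a
# process's primary token without ever authenticating.
PAIRED_PRIVS = [
    ({"SeCreateTokenPrivilege", "SeAssignPrimaryTokenPrivilege"},
     "create an arbitrary token and spawn processes with it"),
]
# One data row of `whoami /priv`: name, free-text description, Enabled/Disabled.
ROW_RE = re.compile(r"^(Se\w+Privilege)\s+.+?\s+(Enabled|Disabled)\s*$")

def parse_whoami_priv(text):
    """Map privilege name -> state from `whoami /priv` output. Header and
    separator lines do not match ROW_RE and are skipped."""
    privs = {}
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            privs[m.group(1)] = m.group(2)
    return privs

def dangerous_privileges(privs):
    """Findings as sorted (privilege or pair, reason). A Disabled privilege
    still counts: the token holder can enable it with AdjustTokenPrivileges."""
    held = set(privs)
    found = [(n, why) for n, why in SINGLE_PRIVS.items() if n in held]
    found += [("+".join(sorted(p)), why) for p, why in PAIRED_PRIVS if p <= held]
    return sorted(found)

# Constructed sample: what a developer logged in as Administrator might see.
SAMPLE = """\
Privilege Name                 Description                     State
============================== =============================== ========
SeDebugPrivilege               Debug programs                  Enabled
SeLoadDriverPrivilege          Load and unload device drivers  Disabled
SeChangeNotifyPrivilege        Bypass traverse checking        Enabled
SeCreateTokenPrivilege         Create a token object           Disabled
SeAssignPrimaryTokenPrivilege  Replace a process level token   Disabled
"""

if __name__ == "__main__":
    for item, why in dangerous_privileges(parse_whoami_priv(SAMPLE)):
        print(f"{item}: {why}")
```

A token holding only one half of the create/assign pair is not flagged for it, which is the point the thread makes about the two privileges being dangerous in combination.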