Re: Block (or Hide) Control Panel
- From: "Alexander Grigoriev" <alegr@xxxxxxxxxxxxx>
- Date: Sun, 17 Dec 2006 21:28:17 -0800
LOCAL_SYSTEM is the most powerful account, with more privileges than the
local Administrator. Some services run with the LOCAL_SERVICE account, though,
and some run with NETWORK_SERVICE. Those are somewhat restricted in
privileges. Backup Operator is a group, not an account.
"Joseph M. Newcomer" <newcomer@xxxxxxxxxxxx> wrote in message
news:t0pbo29likf4stbbjf5il0rmfhnjruc63d@xxxxxxxxxx
Actually, most services run with the LocalSystem account, which I believe is a good deal more restricted than Administrator. Network backup products, for example, require either "Backup Operator" or "Administrator" privileges...where Backup Operator is somewhat more restricted than Administrator, but can read or write any file on the network.
And given some of the privilege escalation attacks you can create that cause privileged apps to run untrusted code, the ability to have a privileged app cross desktops is truly scary.
Concepts like "least authority" don't work, either, because authority is too homogeneous. Vista addresses this by running each app at the lowest possible security privilege level consistent with that app, but this overall still isn't good enough, because centuries of actual security experience by human organizations have demonstrated that compartmentalization determined by "need to know" is the most effective system. So, for example, as long as arbitrary code can come across the Internet and read or write any state on my machine, where I cannot control the access as to what it is reading or writing, makes them serious security risks. As amply demonstrated by the current vulnerabilities.
There's just a little too much of "my job would be easier if I didn't need to deal with security, so please add this API" that went on at Microsoft, back when computers were thought of as "personal" and accessible only by one individual. What is astonishing is that the documentation on BroadcastMessage is remarkably sketchy, particularly about security.
joe
On Sun, 17 Dec 2006 16:35:22 -0800, "David Ching" <dc@xxxxxxxxxxxxxxxxxxxxxx> wrote:
"Joseph M. Newcomer" <newcomer@xxxxxxxxxxxx> wrote in message
news:tnfbo25pgueunkv73v0he11veuefn21n8s@xxxxxxxxxx
To do this, the process has to have the SE_TCB_NAME right, which marks it as part of the "trusted computer base", at least that's what the documentation claims. Otherwise, this essentially makes it possible for cross-desktop messaging, and this obviates all security in the system.
If I have the right to do this, I can compromise nearly every attempt at security in the system, which is a very, very scary concept.
Secure or not, this is what is provided in Windows. I'm no expert on security, but I've thought that services are by definition "trusted" since they run with Admin privilege (whatever that means in these days of UAC).
-- David
Joseph M. Newcomer [MVP]
email: newcomer@xxxxxxxxxxxx
Web: http://www.flounder.com
MVP Tips: http://www.flounder.com/mvp_tips.htm