Re: NT Screen Saver Password Protect Bug
  • To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
  • Subject: Re: NT Screen Saver Password Protect Bug
  • From: Paul Leach <paulle@MICROSOFT.COM>
  • Date: Fri, 27 Mar 1998 11:55:33 -0800
  • Comments: To: David Hiers <USFTLTV9@IBMMAIL.COM>
  • Reply-To: Paul Leach <paulle@MICROSOFT.COM>
  • Sender: Windows NT BugTraq Mailing List <NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM>

All of what you said is irrelevant to the case at hand. It does not apply to
people who can change the code of the system.

FURTHERMORE: I never said that this wasn't a security problem. It is indeed
a problem that someone who can change the code of the system, such as an
admin, can plant trojan horses. However, it is an UNSOLVABLE problem, and so
fixing one instance is useless and can only lead to a false sense of
security.

There is only one thing that can be done about it: DON'T LOG INTO SYSTEMS
WHERE YOU DON'T TRUST THE SYSTEM'S ADMIN.

> ----------
> From:         David Hiers[SMTP:USFTLTV9@IBMMAIL.COM]
> Reply To:     David Hiers
> Sent:         Thursday, March 26, 1998 9:11 AM
> To:   NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
> Subject:      Re: NT Screen Saver Password Protect Bug
>
> I've got to respectfully disagree with Paul concerning his assertion that
> this issue is not a security problem.
>
> Background:
> Once the logon process of any OS finishes, I know that a person
> (PRINCIPAL) has proven their authorization to access an account (with
> knowledge of an account name and password, for instance).  That account is
> now considered a SUBJECT.  A SUBJECT's attempt to access OBJECTS (files,
> programs, hardware, etc (any protected entity)) is controlled by a
> Reference Monitor.
>
> Analysis:
> Once the link between a PRINCIPAL and SUBJECT is broken, security is
> broken, and all the activity of the Reference Monitor is invalid and
> untrustable.
>
> Discussion:
> That it takes administrative rights on a workstation to execute the
> exploit makes this problem even worse.  Note that as you move up the
> security scale, (C1, C2, B1, B2, ...) controls on the behavior of
> administrative users become greater, not lesser.  In fact, the increasing
> controls on admin's rights lead eventually to a system in which no one
> person has unlimited rights.  Hence, the more security you want, the more
> you have to be able to control and monitor the activities of your trusted
> users (administrators).
>
> Conclusion:
> Any programmatic behavior that permits unintended impersonation-type
> functionality is a security vulnerability.  The risk is proportional to
> the likelihood that someone possesses the skill and desire to download and
> run GetAdmin on a workstation that a Domain Admin is likely to use.
>
> David Hiers
>