Slashdot Mirror


MS Message Security Flaw Explained

Geoff Shively writes "Canadian security researcher Oliver Lavery published a fantastic paper on Win32 Message Vulnerabilities. The paper touches on the Shatter problem that received much attention almost 1 year ago regarding the fundamental flaws in the Win32 API. Oliver's research demonstrates that the Shatter vulnerability is still very much in existence and quite a threat. Vendors need to wake up and work towards fixing this problem in their applications."

3 of 48 comments

  1. Re:Vendors problem? by David Leppik · Score: 3, Interesting
    It's not an OS "problem" -- it's a design issue. The "desktop" is designed to be a security boundary within which programs can send each other I/O. If you insist on running a privileged program within the desktop, you deserve what's coming.
    The original author even indicated that Unix/X11 probably suffers from the same issue, except there's no exploit code yet. Anyway, it's like running "pine" as root, and then blaming Unix when the user shells out somehow.
    This is a well-known and very old problem with the design of X. I heard about it in college, back in the early '90s. If you were to design a windowing system these days, you might be smart enough not to use function pointer addresses in shared memory for interprocess communications. But back when X (and Windows) were first designed, they had neither the CPU cycles nor the memory to do it right. Arguably X had less excuse for poor security, since it was designed as a multi-user system for running GUIs across the Internet.
  2. Is it really that simple? by Futurepower(R) · Score: 2, Interesting

    Is it really that simple? Windows has numerous system windows that are hidden, that, according to the developer of the shatter attack, could also be used to implement the attack. My understanding is that Linux and BSD have nothing like that. In Windows, system windows are used for other purposes than GUI display.

  3. Re:What do you think? by Anonymous Coward · Score: 1, Interesting

    IIRC a couple of updates have been released for Windows XP to correct the system processes that were vulnerable. I don't have the details, but I seem to remember those appearing shortly after the initial Shatter paper.

    NT does have a very nice security model for nearly all kernel objects, and it extends to things like process handles (IDs, interfaces). I don't believe it currently extends to the messaging framework, but it probably could be without too much difficulty. That would allow processes to easily control which other processes can access them. Some problems appear here with the system-wide messages though -- things like power management notifications can actually be sourced from other processes.

    One major point the Shatter paper brought up was in regard to the WM_TIMER message handling. In the default configuration, it was intercepted by the Win32 user layer (outside the application's control) and handled (badly). It's difficult for applications to do their own filtering at this level.

    It seems I keep changing my views from my original post -- things like this should indeed be addressed in the Windows API. I still maintain that these are not necessary for security issues, but they would certainly help for application integrity.
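The WM_TIMER point above is that a WM_TIMER message carrying a callback address in lParam is acted on by the Win32 user layer when the application calls DispatchMessage, so the one place an application can still filter it is its own message loop, between GetMessage and DispatchMessage. The following added example (not code from the paper or the thread) shows that filter in portable C: the msg_t struct is a constructed stand-in for the Win32 MSG structure, WM_TIMER is the real message number, and the callback addresses are constructed sample values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Real Win32 message identifier for WM_TIMER. */
#define WM_TIMER 0x0113u

/* Constructed stand-in for the Win32 MSG structure. */
typedef struct {
    unsigned  message;
    uintptr_t wParam;   /* timer id for WM_TIMER */
    uintptr_t lParam;   /* TIMERPROC callback address, or 0 for none */
} msg_t;

/* Callback addresses this process installed itself (e.g. via SetTimer).
 * Any WM_TIMER whose lParam is not listed here did not originate from us. */
#define MAX_TIMER_PROCS 8
static uintptr_t g_timer_procs[MAX_TIMER_PROCS];
static size_t    g_timer_proc_count;

bool register_timer_proc(uintptr_t proc) {
    if (proc == 0 || g_timer_proc_count >= MAX_TIMER_PROCS) return false;
    g_timer_procs[g_timer_proc_count++] = proc;
    return true;
}

/* Gate between GetMessage and DispatchMessage: pass everything except a
 * WM_TIMER that would make the user layer jump to an address we never set. */
bool should_dispatch(const msg_t *m) {
    if (m->message != WM_TIMER || m->lParam == 0) return true;
    for (size_t i = 0; i < g_timer_proc_count; i++)
        if (g_timer_procs[i] == m->lParam) return true;
    return false;   /* unknown callback address: drop the message */
}

int main(void) {
    register_timer_proc(0x1000);   /* constructed sample address */
    msg_t queue[] = {
        { WM_TIMER, 1, 0x1000 },      /* our own timer callback: pass */
        { WM_TIMER, 2, 0 },           /* plain timer tick: pass */
        { WM_TIMER, 3, 0xdeadbeef },  /* foreign callback address: drop */
        { 0x0001u,  0, 0xdeadbeef },  /* not WM_TIMER: pass */
    };
    for (size_t i = 0; i < sizeof queue / sizeof queue[0]; i++)
        printf("msg 0x%04x lParam 0x%lx -> %s\n", queue[i].message,
               (unsigned long)queue[i].lParam,
               should_dispatch(&queue[i]) ? "dispatch" : "drop");
    return 0;
}
```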