Slashdot Mirror


UAC Whitelist Hole In Windows 7

David Gerard writes "Microsoft tried to make Vista secure with User Access Control (UAC). They relaxed it a bit in Windows 7 because it was such a pain in the backside. Unfortunately, one way they did this (the third way so far found around UAC in Windows 7) was to give certain Microsoft files the power to just ... bypass UAC. Even more unfortunately, one of the DLLs they whitelisted was RUNDLL32.EXE. The exploit is simply to copy (or inject) part of its own code into the memory of another running process and then tell that target process to run the code, using standard, non-privileged APIs such as WriteProcessMemory and CreateRemoteThread. Ars Technica writes up the issue, proclaiming Windows 7 UAC 'a broken mess; mend it or end it.'"

9 of 496 comments

  1. Try OpenBSD by gearheadsmp · Score: 1, Informative

    It has great documentation and with NoScript I feel safe everywhere on the Internets.

  2. Re:..bungle, bungle.... by Anonymous Coward · Score: 3, Informative

    He's talking about use in a business. They're not going to have a different OS on every desktop. They either keep buying XP with each new PC or they upgrade all existing PCs.

  3. Re:Good thing it's a beta by Anonymous Coward · Score: 3, Informative

    Bull-Shit

    People do not tend to use "admin accounts" for day to day tasks on OSX. You have no idea what you are even talking about. OSX uses a sudo mechanism to elevate privileges (after authentication) for processes.

    It is not annoying, and fairly secure. The design is possible since they are based on a proper multi-user OS (BSD) and multi user and privilege separation is not an afterthought.

  4. Re:OSX UAC by e4g4 · Score: 4, Informative

    As best I can tell from what this guy is saying, there are some places (like, for example, deleting a file in the /System or /Library directory) where the Finder would prompt you for a password. As OS X matures, there are still some times where the Finder simply doesn't do it right - and simply refuses permission, when it should prompt you for permission. This happens less frequently in Leopard than it did in Tiger. There is nothing separate from the POSIX permissions in OS X, there is nothing like UAC that can be turned on and off. If you have permissions, you can do something, if you don't, you can't, or you are prompted for a password (the gui equivalent of 'sudo').

    --
    The secret to creativity is knowing how to hide your sources. - Albert Einstein
  5. Re:No Script Bragging -- please stop by mysticgoat · Score: 5, Informative

    You don't know anything of what you speak.

    No Script is about MY having the choice of whether to run an arbitrary program on MY computer. I set up the whitelist, and I decide whether to make an exception.

    My ruff & reddy rules of usage:

    1. On first visit to any trustworthy site, add all its javascript sources that I also think are trustworthy to my white list. A one-time overhead of maybe 3 seconds.
    2. When following a /. lead to a site that I don't know anything about, assess whether any useful content is being hidden by a NoScript block
      • If so, unblock the bolded item in NoScript's list of javascript sources being used on the page. If the page smells worthy of it, I'll add this source to the whitelist, otherwise I'll do the unblock as a one-time thing. Reassess whether useful content is still being hidden, and if so repeat until good.
      • Else, leave all script sources blocked since I can get what I came for without them, and I'm unlikely to come back.
    3. When mucking about in the web's darker corners, do as above, except never permanently add a javascript source to the whitelist. Do it all as one-time only.

    Web pages that are using scripts from three different sources are not uncommon any more. Web pages that are using scripts from 5 or 6 sources are not rare. There are web pages that are using sources that in turn draw on other sources. When running NoScript, I decide not only whether I trust the developer of this web page, but whether I trust his judgment about the scripts that he is importing from elsewhere. I decide how wide I will let the circle of trust get.

    It's really a no-brainer. If you recognize the possibility that you might do something of value with the computer you are using, then use NoScript or something like that as a low cost method of protecting that potential. Otherwise, I would appreciate it if you would disconnect your virus infected, zombied machine from the internet, because your negligence is diminishing the common good.

  6. Re:OSX UAC by blueg3 · Score: 2, Informative

    Actually, what it has is essentially like sudo but with a graphical authentication system. (The authentication controls allow a fairly large amount of flexibility, but one of its major purposes is a gateway to setuid.)

    If you've ever written these sorts of programs, it's not "mind-boggling" at all. The Terminal will let you sudo-run any command you want; of course you can do it through the Terminal. They haven't covered in the Finder every possible situation you might need privilege escalation -- they have to call the authentication and escalation themselves.

  7. Re:No Script Bragging -- please stop by Anonymous Coward · Score: 5, Informative

    No Script is about MY having the choice of whether to run an arbitrary program on MY computer.

    Yeah, an "arbitrary program" that is already sandboxed by the browser anyway. The worst it could do is use up some system resources [...]. Those people need to learn to chill and trust their browser sandbox.

    [ ] You know that most security holes needing little to no user interaction require JavaScript to function properly.
    [ ] You know that NoScript can also block other techniques (Flash, Java) that are posing security risks.

    No?

  8. Re:If it was easy-- by nog_lorp · Score: 2, Informative

    Microsoft's behavior with Excel reflects their general behavior. They have taken YEARS to patch bugs like the CSRSS backspace exploit (unprivileged bug causing complete crash of system).

  9. Re:If it was easy-- by Vainglorious Coward · Score: 2, Informative

    The current trend is to have 'admin' users on Linux able to do things with their password instead of root, many even ban root from logging in. The 'sudo for everything' mental disease all in the name of making Linux look like Windows/Mac

    The main reason for requiring admins to use sudo is accountability - all actions can be properly logged and audited. That's not possible if you allow admins to su to root or login as root. In any environment of any consequence that has multiple admins with (possibly individually varying levels of) root privileges, using sudo is the sensible and secure way to do it.

    --
    My next sig will be ready soon, but subscribers can beat the rush
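
The accountability point in the last comment, as an added example that is not part of the original thread: a small audit pass over auth log lines showing that sudo leaves one record per command tied to the invoking account, while an su session to root leaves only a session record. The log lines, host name and user names are constructed, and the formats assumed are the usual syslog output of sudo and of pam_unix for su.

```python
import re
from collections import defaultdict

# Constructed sample lines (not from the thread) in the usual syslog formats
# written by sudo and by pam_unix for su.
SAMPLE_LOG = """\
Feb  4 10:12:01 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Feb  4 10:15:44 web1 sudo:      bob : TTY=pts/1 ; PWD=/etc ; USER=root ; COMMAND=/usr/bin/vi /etc/passwd
Feb  4 10:16:02 web1 sudo:    carol : user NOT in sudoers ; TTY=pts/2 ; PWD=/tmp ; USER=root ; COMMAND=/bin/cat /etc/shadow
Feb  4 10:20:09 web1 su[4121]: pam_unix(su:session): session opened for user root by dave(uid=1004)
Feb  4 10:31:50 web1 su[4121]: pam_unix(su:session): session closed for user root
"""

SUDO_RE = re.compile(r"sudo(?:\[\d+\])?:\s+(?P<user>\S+) : (?P<body>.*)$")
SU_RE = re.compile(
    r"su(?:\[\d+\])?: pam_unix\(su(?:-l)?:session\): session opened for user "
    r"(?P<target>[^\s(]+)(?:\(uid=\d+\))? by (?P<user>[^\s(]+)\(uid=\d+\)")


def audit(log_text):
    """Attribute privileged activity to the account that invoked it."""
    commands = defaultdict(list)  # invoking user -> [(run_as, command)]
    denied = []                   # (user, reason, command) for refused attempts
    unattributed = []             # (user, target): su sessions, no per-command record
    for line in log_text.splitlines():
        m = SUDO_RE.search(line)
        if m:
            # COMMAND= is always the last field; everything before it is metadata.
            head, _, command = m["body"].partition("COMMAND=")
            fields = [f.strip() for f in head.split(";") if f.strip()]
            kv = dict(f.split("=", 1) for f in fields if "=" in f)
            # A field without '=' is sudo's refusal reason, e.g. "user NOT in sudoers".
            reasons = [f for f in fields if "=" not in f]
            if reasons:
                denied.append((m["user"], reasons[0], command))
            else:
                commands[m["user"]].append((kv.get("USER", "root"), command))
            continue
        m = SU_RE.search(line)
        if m:
            # After this point the log shows only "root"; dave's commands are not recorded here.
            unattributed.append((m["user"], m["target"]))
    return {"commands": dict(commands), "denied": denied, "unattributed": unattributed}


if __name__ == "__main__":
    for section, entries in audit(SAMPLE_LOG).items():
        print(section, entries)
```
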