Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Question for the Windows pros
From: "Dave Korn" <davek_throwaway () hotmail com>
Date: Thu, 19 Jan 2006 15:03:21 -0000


Paul Schmehl wrote in news:81C38B0596641FE18D090A87 () utd59514 utdallas edu

  Oh, alright, just one more, then I'll leave it until I've finished my 
essay.

The spyware has to bring the credentials with it.  The user doesn't *have*
the credentials.  It *gets* them from the process in question.  That's a
bit different.  The user has the right to impersonate within the context
of a process.  The process must already have the credentials to elevate,
or the user gets nothing (if I'm understanding impersonation correctly.)

  You aren't, sorry!  This is in fact almost exactly back-to-front: the user 
*does* have credentials, and processes inherit their credentials from the 
user who launches the process.

    cheers,
      DaveK
-- 
Can't think of a witty .sigline today.... 



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault