To anyone who wants to better understand true SAS behavior in Windows NT: just today, amazingly enough, a very good article arrived from Paula Tomlinson in the Feb. issue of Windows Developer's Journal. In her column, Understanding NT, she describes the SAS execution flow and fully reviews the details, with code and API calls, of how to replace the GINA AND how to trap and create the logon box (which the NT security books listed below say can't happen).

Compare the following quotes:

  "you can provide custom code that participates in the logon process AND that controls the user interface for logging on"
    - Paula Tomlinson, WDJ

  "(In order to prevent password capture) This key sequence cannot be duplicated by an application program"
    - NT Security Handbook, by Hadfield

While LeBlanc is correct that the GINA is "protected", there is no documentation that widely advises against surfing the web under the Administrator account (I know that NO one here does that anyway :) ) in order to prevent an overflow in your browser (an app running with sufficient privileges) from doing the damage.

Any administrator reading the current crop of NT security books comes away with a false impression: that an application cannot compromise the trusted path. The "Windows NT Security Guide" by Sutton, the black book "NT Security Handbook" by Hadfield, or any book on the market I know of plainly indicates that NT is designed so that an application can't circumvent the trusted path. This is not correct. None of these books talks about how the SAS is actually protected; they talk about how the GINA is trojan-proof. In my mind, this is quite different.

jdg
NT OBJECTives, Inc.
http://www.ntobjectives.com
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:31:39 PDT