Actually, this is only partly true. You can compare SE priv levels granted to the tokens. At the very least, you can drop all (or almost all) privs from the token before impersonation. I believe there is an option in some of the Impersonate* Win32 API code to handle automatic dropping of privileges, but it's been a while since I played with them.

Also, Administrator and LOCAL_SYSTEM (and a few hardcoded groups) should always have the same SID, since they are integral to the operation of the system. They may not have the same name, or password, but by doing SID comparisons against known accounts or groups, you could imply a hierarchy, at least logically.

Signed,
Ryan Permeh
eEye Digital Security Team
http://www.eEye.com/Retina - Network Security Scanner
http://www.eEye.com/Iris - Network Traffic Analyzer
http://www.eEye.com/SecureIIS - Stop Known and Unknown IIS Vulnerabilities

----- Original Message -----
From: "3APA3A" <3APA3Aat_private>
To: "Minchu Mo" <morris_minchuat_private>
Cc: <vuln-devat_private>
Sent: Monday, December 10, 2001 10:51 PM
Subject: Re: Why MS namedpipe work this way

> Hello Minchu,
>
> --Monday, December 10, 2001, 2:56:05 PM, you wrote to vuln-devat_private:
>
> MM> Would it be better to have this function
> MM> ImpersonateNamedPipeClient() work only in the case
> MM> when the namedpipe server has higher privilege than
> MM> the client.
>
> Under *nix there is a superuser with uid 0 and ordinary users. Under
> Windows there is nothing like that. There is a set of permissions and
> group memberships each user can be given. It's impossible to compare 2
> abstract users to say which has "higher" privileges.
>
> --
> ~/ZARAZA
> The machine turned out to be capable of only one action, namely
> multiplying 2x2, and even then it made mistakes. (Lem)
>
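As an added illustration of the token inspection Ryan describes (this is not code from the thread, from eEye or from Microsoft), the following PowerShell reads the caller's own token, compares it against well-known SIDs by SID rather than by account name, and lists the privileges a pipe server would want to drop before impersonating. It assumes Windows PowerShell 5.1 or later with whoami.exe on the PATH; which privileges count as sensitive is an assumption made for the example.

```powershell
# Added example, not from the original thread. Assumes Windows PowerShell 5.1+
# and whoami.exe on PATH. Inspects the caller's own token the way the post
# suggests a pipe server should reason about a client's token.

$id = [System.Security.Principal.WindowsIdentity]::GetCurrent()

# Well-known SIDs are fixed across machines (as the post notes for
# Administrators and LOCAL SYSTEM), so compare by SID, never by account name.
$wellKnown = [ordered]@{
    'LOCAL SYSTEM'           = [System.Security.Principal.WellKnownSidType]::LocalSystemSid
    'BUILTIN\Administrators' = [System.Security.Principal.WellKnownSidType]::BuiltinAdministratorsSid
    'LOCAL SERVICE'          = [System.Security.Principal.WellKnownSidType]::LocalServiceSid
    'NETWORK SERVICE'        = [System.Security.Principal.WellKnownSidType]::NetworkServiceSid
}

# The token's user SID plus every group SID it carries.
$tokenSids = @($id.User) + @($id.Groups)

$matched = foreach ($label in $wellKnown.Keys) {
    $sid = New-Object System.Security.Principal.SecurityIdentifier($wellKnown[$label], $null)
    if ($tokenSids -contains $sid) { $label }
}

# Privileges held by the token, enabled or not. The set treated as
# sensitive here is an assumption for this example, not an OS-defined list.
$sensitive = @(
    'SeImpersonatePrivilege', 'SeAssignPrimaryTokenPrivilege', 'SeTcbPrivilege',
    'SeDebugPrivilege', 'SeBackupPrivilege', 'SeRestorePrivilege',
    'SeTakeOwnershipPrivilege', 'SeLoadDriverPrivilege'
)
$privs   = whoami /priv /fo csv | ConvertFrom-Csv
$flagged = $privs | Where-Object { $sensitive -contains $_.'Privilege Name' }

# Summary a server could log before deciding whether impersonation is safe.
[pscustomobject]@{
    Account        = $id.Name
    WellKnownSids  = ($matched -join ', ')
    PrivilegeCount = @($privs).Count
    SensitivePrivs = (($flagged | ForEach-Object { "$($_.'Privilege Name') ($($_.State))" }) -join ', ')
}
```

Run it once from an ordinary prompt and once from an elevated one to see how the same account name maps to different SID sets and privilege lists, which is why the comparison has to be done on the token and not on the user name.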
This archive was generated by hypermail 2b30 : Tue Dec 11 2001 - 10:01:04 PST