OT Operating System Design WAS RE: [thelist] RE: blaster worm punishment

Ken Schaefer Ken at adOpenStatic.com
Thu Feb 3 05:56:07 CST 2005



: -----Original Message-----
: From: thelist-bounces at lists.evolt.org
[mailto:thelist-bounces at lists.evolt.org] On
: Behalf Of Keith Gaughan
: Subject: Re: OT Operating System Design WAS RE: [thelist] RE: blaster worm
: punishment
: 
: > What exactly is "shoddy" about the design of the OS itself?
: 
: Amongst other things, I'll just mention my two joint pet hates: the
: LocalSystem user, aka "uber-root", and the WM_TIMER message. I'll say no
: more 'cause Google is your friend.

Ah, a post that has just enough technical terms to be beyond a rant, but
vague enough that the poster can not be pinned down to the details of the
shoddiness that they purport to be showing us. :-)

I don't know what's wrong with LocalSystem per se, or with WM_TIMER messages.
Googling for either of those two, plus your name, doesn't return any hits, so
I'm still a little in the dark as to your state of mind regarding those two
things.

Now, you could be referring to a security vulnerability that was patched back
in 2002. This vulnerability was the basis for so-called "shatter" attacks. An
attacker with local privileges could elevate those privileges *if* they
could, using WM_TIMER messages, somehow send commands to a more privileged
program or service that happened to interact with the desktop. Application
layer software firewalls were a favourite target, because they failed to draw
desktop windows using the current user's credentials, but did so rather with
LocalSystem credentials (they typically installed themselves as services
running in that context). As mentioned, that was patched in 2002 (MS02-071).
Of course, there'd be no problem if the developers of those third party apps
followed best practice and had their windows and dialogues interact with the
user using the user's credentials.

I'm not sure that shows "shoddy" OS design. When WM_TIMER was added to the
Win32 API in the Windows NT 3.1 days (according to MSDN), no one probably
foresaw programs like software firewalls running in privileged mode and (for
reasons best known to the developers of such firewalls) that those programs
would draw windows on the desktop using LocalSystem as well.

At the time, the discoverer of said vulnerability proclaimed that the Win32
API was irrevocably "broken", and that these vulnerabilities were "unfixable". It
appears that his initial, rather ambitious claim was, in fact, incorrect.
Certainly there was a vulnerability there; however, I don't think this shows
some systemic failure in the design of the OS in toto, especially since this
particular vulnerability no longer exists.

If I'm off-base here, either in assuming that the above vulnerability is what
you were referring to, or the conclusion I came to about the vulnerability
being patched, please let me know.

Cheers
Ken
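A quick way for an administrator to check a host for the configuration Ken describes above: services that run as LocalSystem and are also set to interact with the desktop. This is an added PowerShell example, not code from the thread or from any of the products mentioned; the function name is my own, it assumes an elevated session on the Windows host being audited, and it uses only the standard Win32_Service CIM class.

```powershell
# Added audit script (not from the thread). Lists services that combine the two
# conditions discussed above: running under the LocalSystem account and
# configured with "Allow service to interact with desktop".
# Assumption: run from an elevated PowerShell session on the host being audited.

function Get-InteractiveLocalSystemService {
    param(
        # Optional: pass pre-collected Win32_Service objects (for example exported
        # from another host) instead of querying the local machine.
        [object[]]$Service
    )

    if (-not $Service) {
        $Service = Get-CimInstance -ClassName Win32_Service
    }

    $Service |
        Where-Object {
            # DesktopInteract is the CIM view of the SERVICE_INTERACTIVE_PROCESS type bit.
            $_.DesktopInteract -eq $true -and
            ($_.StartName -eq 'LocalSystem' -or $_.StartName -eq 'NT AUTHORITY\SYSTEM')
        } |
        Select-Object Name, DisplayName, StartName, State, StartMode, PathName
}

# Report: running services are the ones that matter most, so sort on State.
$flagged = Get-InteractiveLocalSystemService
if ($flagged) {
    $flagged | Sort-Object State | Format-Table -AutoSize
} else {
    Write-Output 'No LocalSystem services are configured to interact with the desktop.'
}
```

Anything this reports is worth a look at the vendor's documentation: the remedy Ken mentions is for the service to keep its privileged work in the service process and let a separate component, running in the logged-on user's session with that user's credentials, draw any windows. On Windows Vista and later, services live in session 0 and their windows never reach the user's desktop anyway, so on those systems the flag is mostly a sign of a legacy configuration that was never cleaned up.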

