Message-ID: <5E610DD0DFACB633154F31E7@utd59514.utdallas.edu>
Date: Wed Jan 18 19:55:42 2006
From: pauls at utdallas.edu (Paul Schmehl)
Subject: Question for the Windows pros
--On Wednesday, January 18, 2006 13:25:55 -0600 Yvan Boily
<yboily@...il.com> wrote:
>> The explanations on MS's site are vague enough that they're meaningless.
>> What services running on Windows allow clients to access them? And if
>> they do, do they restrict access to the Local Machine? Or do they allow
>> Remote Access? (For example, RPC is clearly remote. Is the Windows
>> Time service?)
>
> Actually, the explanations are not vague or meaningless. It just
> helps to have an understanding of what this privilege governs. Let's
> start with the fact that in essence it only applies to Server
> operating systems, and only to Windows 2000 SP4, or Windows 2003.
>
This is incorrect. The privilege exists *and* functions on the Workstation
operating systems Win2000 SP4 *and* WinXP. I have verified this through
testing.
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/authorization_constants.asp
>
I've already been there and read the page - several times. I understand
*in general* what an impersonation privilege is. I need to know
*specifically* what "server's clients" can be impersonated when this
privilege is applied to an account. So far, I've found nothing on the web
that even attempts to address that issue.
> Mike Howard also demonstrates the technique here:
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncode/html/secure03132003.asp
>
That's somewhat helpful, in a general way, but still doesn't answer my
question.
> RPC is not clearly remote. It is merely a mechanism which is capable
> of delivering remote calls.
>
Which is what I meant by clearly remote. IOW, it's capable of accessing
resources remotely.
> According to MSDN this is a list of APIs that require
> SeImpersonatePrivilege:
>
> RpcImpersonateClient
> ImpersonateAnonymousToken
> ImpersonateClient
> ImpersonateLoggedOnUser
> ImpersonateSecurityContext
> RpcGetAuthorizationContextForClient
>
> Reading the API, and the MSDN Documentation on Impersonation and
> Delegation should illuminate this issue.
>
Unfortunately, it has not. Again, I understand *in general* what
impersonation is, how it works and what it can mean in terms of security.
I am looking *specifically* for what a user who has the privilege
"Impersonate a client after authentication" has the right to do. Does it
mean that *anything* that user runs runs under his/her privileges? Does it
mean only *local* processes are affected? Does it mean a hacker can access
the machine remotely and run under the user's privileges?
IOW, if I have a domain account named "Joe", and I grant "Joe" this
privilege, what is placed at risk? The local machine he's logged in to?
The entire domain? Only certain services? Saying it's a high risk (like
ISS does) and then not defining *precisely* what the risks are is not
helpful.
And all I was really asking for is pointers to any white papers or
conference presentations that even attempt to illuminate this issue.
It's looking like there are none.
> The short story is though, that any case where any process or thread
> will execute, either locally or remotely, under another users security
> context, impersonation is required.
Can you name one? For example, is the RPC Locator Service affected by this
privilege?
Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/
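The concrete check behind the question above is which accounts on a given host actually hold "Impersonate a client after authentication" (SeImpersonatePrivilege), and whether the token of the shell you are sitting in carries it. The script below is an added example, not code from the thread or from Microsoft; it assumes Windows PowerShell 5.1 or later on a current Windows version (not the 2000/XP/2003 systems discussed above), an elevated prompt so that `secedit` can export the local policy, and an English locale for the `whoami /priv` state column. It reports holders and state only; it does not say what those holders can do with the right, which is the question the thread leaves open.

```powershell
# Added example: enumerate holders of SeImpersonatePrivilege on the local
# machine and check whether the current process token holds it.
# Assumptions: Windows PowerShell 5.1+, elevated prompt, English locale.

function Get-ImpersonatePrivilegeHolders {
    [CmdletBinding()]
    param(
        [string]$Privilege = 'SeImpersonatePrivilege'
    )
    # secedit writes the local policy's user-rights assignments to an .inf file;
    # the line of interest looks like: SeImpersonatePrivilege = *S-1-5-32-544,*S-1-5-6,...
    $cfg = Join-Path $env:TEMP ("secpol-{0}.inf" -f [guid]::NewGuid())
    try {
        & secedit.exe /export /cfg $cfg /areas USER_RIGHTS /quiet | Out-Null
        if (-not (Test-Path $cfg)) { throw "secedit export failed (run from an elevated prompt)" }

        $line = Get-Content $cfg | Where-Object { $_ -match "^\s*$Privilege\s*=" }
        if (-not $line) { return @() }   # right is assigned to nobody

        $entries = ($line -split '=', 2)[1] -split ',' | ForEach-Object { $_.Trim() }
        foreach ($e in $entries) {
            if ($e.StartsWith('*')) {
                # Entries prefixed with '*' are SIDs; resolve them to account names
                $sid = New-Object System.Security.Principal.SecurityIdentifier ($e.Substring(1))
                try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
                catch { $name = '<unresolved>' }
                [pscustomobject]@{ Sid = $sid.Value; Account = $name }
            } else {
                # secedit occasionally writes well-known names instead of SIDs
                [pscustomobject]@{ Sid = $null; Account = $e }
            }
        }
    } finally {
        Remove-Item $cfg -ErrorAction SilentlyContinue
    }
}

function Test-CurrentTokenImpersonate {
    # whoami /priv lists the privileges present on the current token with a
    # State column. A privilege that is listed as Disabled is still held by
    # the token; a process can turn it on with AdjustTokenPrivileges.
    $out   = & whoami.exe /priv
    $match = $out | Where-Object { $_ -match '^SeImpersonatePrivilege\s' }
    if (-not $match)                    { return 'NotHeld' }
    if ($match -match 'Enabled\s*$')    { return 'Enabled' }
    return 'Disabled'
}

Get-ImpersonatePrivilegeHolders | Format-Table -AutoSize
"Current token: SeImpersonatePrivilege {0}" -f (Test-CurrentTokenImpersonate)
```

Run it once as the interactive user and once as the account you are evaluating (for instance the "Joe" of the message above) to see whether that account's token carries the right; the first function tells you whether the grant comes from direct assignment or from membership in a listed group such as Administrators, since the SID list is exactly what the local policy holds.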