Microsoft does it again

[bogstad at pobox.com (Bill Bogstad)]

Derek Kramer wrote:
On Tue, 6 Aug 2002, Derek D. Martin wrote:
>
>> If you're relying on Windows privileges to secure your network, you're
>> basically screwed.  A whitepater was released today detailing how to
>> gain localsystem privileges on any Win32-based platform.  And the
>> kicker is, because it takes advantage of a fundamental flaw in the
>> design of Windows, it's basically unpatchable, requiring a complete
>> overhaul of the Windows messaging system to fix.
>> 
>> And the best part is, if you're providing terminal services via a
>> Citrix server, anyone can own your server, and you'll never be able to
>> stop them...
>> 
>>   http://security.tombom.co.uk/shatter.html
>
>I read this in detail, and I hate to admit that I agree with Microsoft.   
>Once bad people are sitting logged onto your machine, you should already 
>considered it compromised, regardless of what techniques the bad person 
>has at their disposal.

So a command line overflow exploit in a setuid-root ps binary on a
UNIX machine is unimportant because you shouldn't ever let 'bad
people' have a login on your machine?  I thought security was about
being able to limit the resources that a user could access on a
machine even when they had some level of legal access.  You seem to be
advocating a security model of 'good' and 'bad' users where 'good
users' can do anything and 'bad users' can do nothing.  Maybe you
missed the part where this worked via terminal services as well.  You
don't need physical access, apparently you only need the equivalent of
a UNIX login.  I believe that any operating system vendor who claims
that something isn't a security issue because you have to have some
level of valid access to exploit it should be condemmed. PERIOD.

				Bill Bogstad
				bogstad at pobox.com