Microsoft does it again
David Kramer
david at thekramers.net
Tue Aug 6 16:59:15 EDT 2002
On Tue, 6 Aug 2002, Ben Jackson wrote:
> Techincally, if I read it right, it is not Microsoft's fault completely.
> MSFT is definitely at fault for providing a easy conduit for this to
> happen, but isn't the problem with the AV scanner he is telling to run his
> code? All he is doing is feeding some shellcode to a program that is
> running as "root". Running a program with a privliged account that is
> directly accessible to the user like that is bad.
>
> (For example, Norton Corp Ed. has a engine running as LocalSystem, but the
> UI is running as the account logged in, IIRC)
[SIDE NOTE- Please trim your quotes and post underneath them.]
No, M$FT is at fault because they designed the protocol to not have the
identifier of the sender in it. In the letter, the M$FT dude talks about
how it's the responsibility of the application to decide whether it will
ignore or process messages, but the M$FT messaging protocol has so From:
field, so there's no way for the application to know if the request is
legit or not. His defense is totally bogus.
More information about the Discuss
mailing list