
Linux, Unix, and *nix like Operating Systems Forum

    
Win32 API
utterly and irredeemably broken
mack




 
Msg#: 234 posted 7:07 pm on Aug 14, 2002 (gmt 0)

[theregister.co.uk...]

 

Xoc




 
Msg#: 234 posted 7:42 pm on Aug 14, 2002 (gmt 0)

My understanding of this one is that it is an insignificant problem. It's based off the idea that Windows has always run off a global message queue and that applications can put things into or take things out of the queue. The result is that one program can hack another one running in the same context.

But that's a given on any operating system. It's the same effect that you get if you can run a malicious program as root on Linux: it can hack any other program on the system. The mechanism on how you would implement it is different between Windows and Linux, but the result is the same.

mack




 
Msg#: 234 posted 7:47 pm on Aug 14, 2002 (gmt 0)

So could the operating system be controlled remotely using a program installed on the infected computer that is accessed over the web, for instance? In a way I can understand how this would happen on almost any OS; it would just need to be ported for its intended environment. Does anyone know of any instances where this has actually happened?

Josk




 
Msg#: 234 posted 8:30 am on Aug 15, 2002 (gmt 0)

"The result is that one program can hack another one running in the same context" -- and the problem in Windows is most things run as the equivalent of root. A problem we had was as follows:

* An intern needed to remove an ActiveX download file from their computer
* IE had placed the ActiveX file in a system folder, even though the intern wasn't logged in as the administrator
* intern didn't have the administrator password and had to ask for somebody else to remove it

On Linux my browser runs as josk. It can install things to wherever *I* can install things. The downside is that anything *I* own is at risk, but at least the system is safe...

WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved