Hello Tony,

Thursday, January 8, 2004, 4:11:07 PM, you wrote:

TH> Pavel Goran wrote:
>> There must be a possibility for some kind of communication between a
>> process and the module (for example, a process can create a named pipe
>> and pass its name to the package as a password). Provided that
>> communication is possible, the package can create a named pipe (and
>> thus become the "named pipe server"), instruct the process to open it
>> (which thus becomes the "named pipe client"), impersonate the process'
>> user by calling ImpersonateNamedPipeClient(), and actually try
>> NtCreateToken() (and maybe other calls).
>>
TH> There are many pipes that are opened by the system user... (LSASS is one
TH> I think) it'd be trivial to pass one of those.

It's not clear to me... "Trivial to pass one" for whom? For a malicious user who wants to "steal" privileges, for a process (say, an SSH server) that wants to "legally" impersonate a user, or for a (sub)authentication module?

(It would be probably better to move this discussion away from the CVSNT mailing list - if you don't mind continuing it.)

TH> I'm not really prepared to take the risk. Luckily it's not a cvsnt
TH> problem - even if I implemented something only cygwin can make the
TH> decision whether to use it.

I don't mean it is to be implemented right now, this is rather just a proof of concept.

Pavel Goran