Re: OpenVMS - When downtime is not an option



david20@xxxxxxxxxxxxxxxx wrote:
In article <h8SdnWZlQ7mWVRfbnZ2dnUVZ_vmqnZ2d@xxxxxxxxxxxxxxxxxxxxxxxx>, Bill Todd <billtodd@xxxxxxxxxxxxx> writes:
Main, Kerry wrote:

....

If the design and/or architecture of the OS platform allows an
application bug to provide access to protected data and/or provides
elevated rights on the system, does it matter if it is an application
or kernel OS issue?
Clearly, that would be an OS bug (or at least a serious design flaw, if indeed it were intentional rather than inadvertent) - *if* it had been the case in this instance.

It was not: the bugs *only* affected Exchange Server. If Exchange Server was designed such that it had to execute in a privileged environment (such that once compromised itself it could compromise other parts of the system as you describe above), rather than designed modularly such that at most a few critical parts of it might require privilege (certainly not including the parsing functions that these bugs affected) and the rest could run unprivileged, that was an *Exchange Server* design flaw, not a Windows flaw.


What is this "IF" ?

As I'm starting to get tired of saying, *exactly* what it seems to be.


From http://www.microsoft.com/technet/security/bulletin/ms07-026.mspx


"An attacker who successfully exploited this vulnerability could take complete control of the affected system. An attacker could then install
programs; view, change or delete data; or create new accounts with full user
rights"

Obviously this means that the codepath executed by the bug must run at a high
privilege level.

Obviously you're not very familiar with Microsoft's exposure descriptions.

Microsoft *always* uses this phrase (which if you read it more carefully says 'could', not 'can') whenever it *may* be possible that the execution environment is privileged, very frequently following it (as indeed it does in this case) with the clarification that what *really* happens is that the attacker gains the privilege of the applicable execution environment, whatever that privilege level may be.

Whether that is because Exchange is running with higher
privileges than it really needs because of bad design and implementation or
whether it is doing something which requires it to have high privileges at that
point in time is not something easily judged without access to the design
documents and/or source of Exchange.

Are you seriously suggesting that parsing the contents of email requires privilege? Sheesh!


If as you seem to believe it is bad design and implementation in Exchange
causing it to run at higher privileges than needed then it is down to those designing and programming Exchange at Microsoft. However Exchange is a Microsoft product and those same designers and programmers have probably also worked on the OS code during their careers and have had their code reviewed by the same quality control people.

Now you're getting outright ridiculous: guilt by association, rather than guilt by evidence.

You're usually one of the more competent contributors here - it would be nice to see your observations return to that level.

- bill