On 06-04-2012 01:12, Jeffrey Walton wrote:
On Thu, Apr 5, 2012 at 6:58 PM, Jeffrey Walton<noloa...@gmail.com> wrote:
On Thu, Apr 5, 2012 at 6:06 PM, Jakob Bohm<jb-open...@wisemo.com> wrote:
On 4/5/2012 9:01 PM, Jeffrey Walton wrote:
[SNIP]
The following list of permission bits are most (not all) of those that
may appear in the DACL of a process on any NT derived Windows version,
and are unrelated to any Vista specific "privileged processes" concept:
Correct. They are the permissions removed in support of DRM. I use it
to harden a process in general. For the heap walking, I believe - but
have not tested via code - that PROCESS_VM_READ would be of interest.
My bad: s/Correct/Incorrect/g. Take a look at
http://msdn.microsoft.com/en-us/windows/hardware/gg463417.
PROCESS_ALL_ACCESS is not a permission bit, it is the OR of almost all
the other bits.
Personally, I harden selected processes by allowing only SYNCHRONIZE
access for most accounts other than SYSTEM, but also allowing
PROCESS_TERMINATE access for the applicable user account (otherwise even
ExitProcess() may fail in some OS versions, besides allowing kill -9 to
still work is more polite to users). I also change thread permissions
and the token default ACL.
However for most processes it is acceptable to allow same-user access
(this is also the default on most Unix-like systems), and the grand
total of the resulting crap allocations of GUI elements can provide a
few much needed bits of entropy for seeding the cryptographic RNG in a
freshly started process with only predictable startup allocations of its
own.
I also think that allowing same user processes to invade gpg is a
non-issue, as the same effect can be trivially achieved by intercepting
the launch of gpg.exe and launching a "trojan" version in its place.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
