[cap-talk] basic question: concerning confused deputy

David Hopwood david.nospam.hopwood at blueyonder.co.uk
Tue Mar 6 21:34:53 CST 2007


Toby Murray wrote:
> On excess authority and confused deputies, as well as trusted paths and
> other what-not, the following appears interesting in the context of the
> current discussion:
> 
> It concerns a trick to spoof "trusted looking" UAC dialogs, and to my
> mind, RunLegacyCPLElevated.exe (described below) is a confused deputy of
> sorts.

RunLegacyCPLElevated.exe is obviously misconceived from the get-go. Why
should all "legacy control panel applets" (i.e. any .cpl file that exports
a particular entry point) get the "Windows needs your permission to continue"
UAC prompt anyway? What on earth could whoever designed this have been thinking?
It's by no means a subtle bug!

<http://www.symantec.com/enterprise/security_response/weblog/2007/02/an_example_of_why_uac_prompts.html>

> Would others consider the below to be an instance of confused deputy or
> am I stretching the boundaries too far here?

Yes, this is well within the boundaries of the category.

> If nothing else, it certainly highlights the ugliness and unworkability
> of current approaches to try to achieve some semblance of POLA using an
> IBAC style framework without decent support for delegation.
> 
> from:
> http://www.pcworld.com/article/id,129268/article.html

Despite all the rhetoric about taking security seriously, it seems from
Microsoft's response to Ollie Whitehouse that they still don't understand
what constitutes a valid attack -- confused deputy or otherwise.

-- 
David Hopwood <david.nospam.hopwood at blueyonder.co.uk>


