Security/ProcessIsolation/ThreatModel: Difference between revisions

Line 116: Line 116:
- auto-update
- auto-update
- potentially registry and network access (binary sockets, etc) - or allow them unlimited access
- potentially registry and network access (binary sockets, etc) - or allow them unlimited access
==General threats==
*Some Windows processes don't respect token privileges, they clone their own token based upon the user with default permissions (task manager is an example)
*Some services allow anyone to talk to them regardless of restrictions (Telnet service for example)
*There are a lot of DLLs in Windows that inject themselves into a process (like renderer) that can't deal with restricted rights tokens, so they crash or behave inappropriately (leave handles open, etc).
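Review bot: The first bullet under "General threats" does not say what follows from a process cloning "their own token based upon the user with default permissions". Say whether the resulting process runs outside the restricted token, and split the comma splice into two sentences. In the third bullet, "(like renderer)" reads as if the renderer were one of the DLLs; "a process (such as the renderer)" would make clear it is the process being injected into. Each bullet would also benefit from naming the restriction it affects, since the hunk lists the threats without tying them to a specific sandbox control.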