Severe security holes??????!?!?

Here you can discuss ReactOS related topics.


TOTMS
Posts: 112
Joined: Thu Sep 29, 2005 3:00 pm
Location: London, UK


Post by TOTMS » Thu Dec 08, 2005 9:06 pm

Hi, I was just wondering, since we are essentially rebuilding a carbon copy of the way Windows works (i.e. the APIs etc. for program compatibility), are we going to end up creating the same security holes?????

Do you think it will be possible to implement various parts of the Windows operating system securely (i.e. fixing MS's mistakes) and still maintain 100% Win32/NT compatibility???

What do you guys think?

Konrad
www.totms.co.uk

StringCheesian
Posts: 31
Joined: Mon Mar 28, 2005 11:37 pm

Post by StringCheesian » Thu Dec 08, 2005 10:38 pm

Cloning NT/2000 isn't so bad, it will avoid the security pitfalls of 9x/Me. They could do what MS is doing with Longhorn, and make more of the apps run in reduced privileges mode, etc.

It would be awesome if they could make it so that you don't have to run as Administrator on ReactOS, I mean make it so that games and other apps that only work properly when run as Administrator (on Windows) for no good reason work fine in a Limited User account on ReactOS.

TOTMS
Posts: 112
Joined: Thu Sep 29, 2005 3:00 pm
Location: London, UK

Post by TOTMS » Thu Dec 08, 2005 10:50 pm

Yes but there are still *LOADS* of potential security holes in the NT architecture.

I don't understand what you mean by not running as an administrator by default. In this respect ROS is like NT: you have a main administrator account (which is generally only used for troubleshooting) and regular user accounts (split into Limited and quasi-admin, although this has not been implemented yet).

Don't forget it is not always the kernel (or API) level that specifies how a particular function needs to be executed (i.e. whether a regular user can do it) but the program itself. To take a simple example, PunkBuster. OK, so this is a game add-in, but it won't run unless it has full access to your system (quasi-administrator level) in order to make sure that there are no exploits running....

GvG
Posts: 499
Joined: Mon Nov 22, 2004 10:50 pm
Location: The Netherlands

Post by GvG » Thu Dec 08, 2005 11:46 pm

TOTMS wrote:To take a simple example, PunkBuster. OK, so this is a game add-in, but it won't run unless it has full access to your system (quasi-administrator level) in order to make sure that there are no exploits running....
I'd say this has very little to do with OS security then. Imagine a game running on Linux requiring you to run it as root.

TOTMS
Posts: 112
Joined: Thu Sep 29, 2005 3:00 pm
Location: London, UK

Post by TOTMS » Fri Dec 09, 2005 12:18 am

GvG wrote:
TOTMS wrote:To take a simple example, PunkBuster. OK, so this is a game add-in, but it won't run unless it has full access to your system (quasi-administrator level) in order to make sure that there are no exploits running....
I'd say this has very little to do with OS security then. Imagine a game running on Linux requiring you to run it as root.
OK, point taken on PB :D, I was just using that as a basic example. How are we going to make sure that we don't have the same security woes that Windows does? Is it feasible to implement an LH/Vista-style limited default account system?

Konrad
http://www.totms.co.uk

ThePhysicist
Developer
Posts: 508
Joined: Mon Apr 25, 2005 12:46 pm

Post by ThePhysicist » Fri Dec 09, 2005 5:22 pm

What ROS needs is some kind of software restriction policies like Win 2k3 has, that would prevent untrusted software from doing things that you don't want.
Then it's up to the user to allow "FreeNudePictures.exe" to change your internet dial-up settings or install the rootkit.sys driver ;-)
So even the admin account would be more secure. This might be integrated in the 2nd level firewall.

TOTMS
Posts: 112
Joined: Thu Sep 29, 2005 3:00 pm
Location: London, UK

Post by TOTMS » Fri Dec 09, 2005 5:41 pm

ThePhysicist wrote:What ROS needs is some kind of software restriction policies like Win 2k3 has, that would prevent untrusted software from doing things that you don't want.
Then it's up to the user to allow "FreeNudePictures.exe" to change your internet dial-up settings or install the rootkit.sys driver ;-)
So even the admin account would be more secure. This might be integrated in the 2nd level firewall.
But how would that work? If it were implemented in a similar way to the extension software in Outlook (i.e. when a program wants to send mail, get the contact list, or do anything through the program, Outlook pops up a window per event and asks for explicit permission), then it is not practical for day-to-day programs. If you are thinking of a system like 'this program has not been digitally signed (or something similar) and therefore could potentially be harmful to your computer, |Block| |Allow this time| |Allow|' then that could work.

But I am not just talking about programs you download. The reason MS have to release so many patches and service packs is that the way they have implemented various functions is open to abuse or 'magic packet' attacks which allow unsigned code to bypass existing security.

We simply do not have the same resources as MS to find workarounds for all the bugs and exploits that would come to light if we mimicked the MS code too closely.

GvG
Posts: 499
Joined: Mon Nov 22, 2004 10:50 pm
Location: The Netherlands

Post by GvG » Fri Dec 09, 2005 7:05 pm

I think the Sony incident proved that relying on accepting software from "trusted sources" doesn't work. I mean, if you can't trust a big company like Sony, who can you trust?

TOTMS
Posts: 112
Joined: Thu Sep 29, 2005 3:00 pm
Location: London, UK

Post by TOTMS » Fri Dec 09, 2005 9:02 pm

GvG wrote:I think the Sony incident proved that relying on accepting software from "trusted sources" doesn't work. I mean, if you can't trust a big company like Sony, who can you trust?
Yes, but although the rootkit Sony made was taking the piss, all it did was hide $sys$ files. It was people writing programs that exploited this that really proved the problem.

No one has answered my question yet - MS software is full of holes; will implementing a carbon copy of NT give us the same woes, or is there a way to keep compatibility but have security as well?

cmoibenlepro
Posts: 483
Joined: Tue Nov 30, 2004 5:44 pm
Location: Canada

Post by cmoibenlepro » Sat Dec 10, 2005 3:12 am

or is there a way to keep compatibility but have security as well?
Yes.
Because it is not based on the same source code, it won't have the same security holes as Windows, so viruses/spyware/malware should hopefully not work. :)

ThePhysicist
Developer
Posts: 508
Joined: Mon Apr 25, 2005 12:46 pm

Post by ThePhysicist » Sat Dec 10, 2005 5:08 am

1.) Windows makes a lot of people use the admin account because several programs won't run in a restricted user account. If ROS makes most of the software run in a non-admin account, people would choose a user account and be safer!

2.) If it is controlled what programs do (write to the registry, install drivers) and the user is asked whether this should really be done, then it is a lot more secure than it is in Windows, where every "dialer.exe" can do whatever it likes when executed as administrator, and most programs can do a lot (like put themselves into autostart) even when only executed as users.

Today it is less important to restrict groups of users from messing up the system than to restrict "untrusted" software (and I mean personally untrusted, not trusted through "signedness" by a major software developer like MS or Sony (unless there is an OpenSource-TrustCenter, where everyone can say whether he feels the program xyz can be trusted or not)) from doing things you don't want!
Most OSes only run with one user! He is the administrator! Let the user/admin choose if he likes to change the system (install drivers / add autostart entries...). Most people I know working with Windows don't even know the difference between admin and user accounts and don't care about that. Just make the dumb user have a restricted account, but let most software run under that account. If a program really wants to do something only an admin can do, tell the user and make them allow it by entering the admin password!
Sometimes even WinXP asks whether to run an installer like "setup.exe" as admin, because it might be possible that this installer can only run as admin. But that's not a good way, because you allow the "setup.exe" program to do whatever it likes and you don't have a clue what it really does!
So: check what a program does and ask if it should be done (even as admin!)!!!
I have recently tested WinPooch and although it's beta it does this (in most of the cases, I think). It checks whether software is allowed to do something and when not, asks the user whether to allow it. It's not perfect yet, but it's easy to configure and a good open-source alternative to other firewall AND anti-spy/malware programs! Check it out, but be careful: if you enter the wrong rules, it can make your system hang, especially when entering the admin account. It's beta!!!

So my hope is that with the implementation of the ROS firewall, in the 2nd-layer firewall there will be some kind of software restriction (a possibility to make profiles for software like 'unknown', 'installer', 'trusted', 'system') to allow the user to decide what software is allowed to do!

Code:

#include <windows.h>   /* BOOL, TRUE, FALSE */

typedef void (*PFUNCTION)(void);               /* the action the program wants to perform */
extern BOOL GoodOS;                            /* assumed: TRUE when running on ROS */
extern BOOL AskUserToReallyDoIt(PFUNCTION DoThis);
extern void ReallyDoIt(PFUNCTION DoThis);
extern void JustDoIt(PFUNCTION DoThis);

/* Returns TRUE if the action was carried out, FALSE if the user refused it. */
BOOL DoSomething (PFUNCTION DoThis)
{
  if (GoodOS)    /* ROS */
  {
    if (AskUserToReallyDoIt(DoThis))
    {
      ReallyDoIt(DoThis);
      return TRUE;
    }
    else
    {
      return FALSE;
    }
  }
  else           /* Windows XP */
  {
    JustDoIt(DoThis);  /* NIKE (?) */
    return TRUE;
  }
}
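The software-restriction check ThePhysicist sketches in this post and in his earlier one (profiles for software, a policy that decides before a privileged action runs), together with the |Block| |Allow this time| |Allow| dialog TOTMS describes, can be modelled end to end. The following is an added example and not ReactOS code, Windows code or anything from WinPooch: the rule precedence it implements (hash rules first, then path rules with the most specific match winning, then the default level) is the documented order for Windows Software Restriction Policies, but the FNV-1a stand-in for the file hash, the extra LEVEL_ASK level, the broker that remembers "Allow" answers, the fake executable images and the sample policy are all this example's own assumptions.

```c
/* Added example (not ReactOS or Windows code): a simplified model of the
 * software-restriction-policy check ThePhysicist asks for, wired to the
 * "Block / Allow this time / Allow" prompt TOTMS describes. Rule precedence
 * follows documented SRP order (hash rules, then path rules with the most
 * specific match winning, then the default level). The FNV-1a stand-in hash,
 * LEVEL_ASK and the sample policy are this example's own assumptions. */
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>

/* Real SRP levels are Disallowed, Basic User and Unrestricted; LEVEL_ASK is
 * added here for the "unknown software: ask the user" profile. */
typedef enum { LEVEL_DISALLOWED, LEVEL_ASK, LEVEL_UNRESTRICTED } Level;
typedef struct { const char *prefix; Level level; } PathRule;
typedef struct { uint64_t hash; Level level; } HashRule;
typedef struct { Level default_level; const PathRule *path_rules; size_t n_path;
                 const HashRule *hash_rules; size_t n_hash; } Policy;

/* 64-bit FNV-1a over the image bytes, a toy stand-in for the real file hash. */
uint64_t image_hash(const unsigned char *data, size_t len)
{
    uint64_t h = 1469598103934665603ULL;
    for (size_t i = 0; i < len; i++) { h ^= data[i]; h *= 1099511628211ULL; }
    return h;
}

/* Case-insensitive prefix match (Win32 paths are case-insensitive): returns
 * the matched length, or 0 when the rule does not apply to this path. */
static size_t prefix_len_ci(const char *path, const char *prefix)
{
    size_t i;
    for (i = 0; prefix[i]; i++)
        if (!path[i] || tolower((unsigned char)path[i]) != tolower((unsigned char)prefix[i]))
            return 0;
    return i;
}

Level evaluate_policy(const Policy *p, const char *path,
                      const unsigned char *image, size_t image_len)
{
    uint64_t h = image_hash(image, image_len);
    const PathRule *best = NULL;
    size_t best_len = 0, i;
    for (i = 0; i < p->n_hash; i++)                 /* hash rules win outright */
        if (p->hash_rules[i].hash == h) return p->hash_rules[i].level;
    for (i = 0; i < p->n_path; i++) {               /* longest matching path rule */
        size_t n = prefix_len_ci(path, p->path_rules[i].prefix);
        if (n > best_len) { best = &p->path_rules[i]; best_len = n; }
    }
    return best ? best->level : p->default_level;
}

/* Prompt answers. "Allow" is remembered by image hash rather than by path, so
 * a binary swapped in at an already-approved path is asked about again. */
typedef enum { ANSWER_BLOCK, ANSWER_ALLOW_ONCE, ANSWER_ALLOW_ALWAYS } Answer;
typedef Answer (*PromptFn)(const char *path, const char *operation);
#define MAX_REMEMBERED 16
typedef struct { uint64_t allowed[MAX_REMEMBERED]; size_t n; } Broker;
void broker_init(Broker *b) { b->n = 0; }

/* Returns 1 if the privileged operation may proceed, 0 if it is blocked. */
int broker_request(Broker *b, const Policy *p, PromptFn prompt, const char *path,
                   const unsigned char *image, size_t image_len, const char *op)
{
    uint64_t h = image_hash(image, image_len);
    Level level = evaluate_policy(p, path, image, image_len);
    size_t i; Answer a;
    if (level == LEVEL_DISALLOWED)   return 0;      /* policy says no: never prompts */
    if (level == LEVEL_UNRESTRICTED) return 1;      /* policy says yes: never prompts */
    for (i = 0; i < b->n; i++)
        if (b->allowed[i] == h) return 1;           /* user already chose "Allow" */
    a = prompt(path, op);
    if (a == ANSWER_ALLOW_ALWAYS && b->n < MAX_REMEMBERED) b->allowed[b->n++] = h;
    return a != ANSWER_BLOCK;
}

/* Constructed sample data: two fake executable images and a small policy. */
const unsigned char kCleanImage[]   = "MZ constructed clean image";
const unsigned char kRootkitImage[] = "MZ constructed rootkit image";
static const PathRule kPathRules[] = {
    { "C:\\Windows\\",       LEVEL_UNRESTRICTED },
    { "C:\\Windows\\Temp\\", LEVEL_DISALLOWED },    /* more specific, so it wins */
    { "C:\\Program Files\\", LEVEL_UNRESTRICTED },
};
static HashRule kHashRules[1];
const Policy *sample_policy(void)
{
    static Policy p = { LEVEL_ASK, kPathRules, 3, kHashRules, 1 };
    kHashRules[0].hash  = image_hash(kRootkitImage, sizeof kRootkitImage);
    kHashRules[0].level = LEVEL_DISALLOWED;         /* banned wherever it is copied */
    return &p;
}
/* Scripted prompts standing in for the dialog. */
Answer prompt_block(const char *path, const char *op)        { (void)path; (void)op; return ANSWER_BLOCK; }
Answer prompt_allow_always(const char *path, const char *op) { (void)path; (void)op; return ANSWER_ALLOW_ALWAYS; }
```

Two design points matter here. Only LEVEL_ASK ever produces a prompt; software the policy already classifies as trusted or banned never does, which is what keeps the per-event dialog TOTMS objects to from appearing for everyday programs, and a hash rule beats an "unrestricted" path, so the rootkit image is refused even when it sits under Program Files. Remembering an "Allow" by image hash rather than by path means a binary replaced at the same location is asked about again; the price is that a legitimate update also triggers a fresh prompt, and a real implementation would have to enforce the decision at the kernel boundary (image load, driver install, the registry write) rather than trust the calling program to ask.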

steveh
Posts: 271
Joined: Sat Dec 18, 2004 10:02 pm

Linux game requesting "root" execution?

Post by steveh » Sun Dec 11, 2005 2:18 am

:shock:

@GvG

I would consider any linux game requesting root privileges for playing,... as more or less MIS-CONCEIVED.

GvG
Posts: 499
Joined: Mon Nov 22, 2004 10:50 pm
Location: The Netherlands

Re: Linux game requesting "root" execution?

Post by GvG » Sun Dec 11, 2005 10:37 am

steveh wrote:I would consider any linux game requesting root privileges for playing,... as more or less MIS-CONCEIVED.
So would I. My point was that a Windows game requiring administrator privileges is just as mis-conceived.

TOTMS
Posts: 112
Joined: Thu Sep 29, 2005 3:00 pm
Location: London, UK

Re: Linux game requesting "root" execution?

Post by TOTMS » Mon Dec 12, 2005 12:05 am

GvG wrote:
steveh wrote:I would consider any linux game requesting root privileges for playing,... as more or less MIS-CONCEIVED.
So would I. My point was that a Windows game requiring administrator privileges is just as mis-conceived.
Yes, but that's not the point I am trying to raise; I only used PB as a (bad) example.

unkemptwolf
Posts: 9
Joined: Fri Oct 14, 2005 2:47 am

Post by unkemptwolf » Mon Dec 12, 2005 8:53 am

Alright, correct me if I'm wrong, but what this guy is wanting to know is whether the Win32 API is inherently insecure. The answer is no, as far as I know. There is nothing (other than Microsoft's implementation) that makes the Win32 API any more or less secure than, say, the Linux API (whatever it is).
