[SC-L] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code

Dinis Cruz dinis at ddplus.net
Thu Apr 6 08:57:30 EDT 2006 

der Mouse wrote:
>> At least one aspect of that is a design defect in TCP/IP, allowing
>> unprivileged users to create a port to receive inbound connections.
>>     
>
> I don't think it's fair to call that any kind of defect in TCP/IP.
>   
I agree
> There is nothing at all in TCP or IP that says anything whatsoever
> about what privilege may or may not be necessary to establish a listen
> for incoming connections.  If you must call this a flaw, at least place
> the "flaw" where it actually is - in the implementation(s).
>   
I am not sure that the problem is in the implementation either. From my
point of view, the problem is in allowing malicious applications (or
code) to have access to it in the first place.

If an application is a File Compression utility, then there is no reason
why it should have access to the TCP stack. And if they do need access
to it (for example to check for updates), then those exceptions should
be very well controlled and monitored.
> I'm also not convinced it's a flaw at all; calling it one sounds to me
> like viewing a TCP stack designed for one environment from the point of
> view of a drastically different environment.  In the environment most
> current TCP stacks were designed for, listening for connections on a
> "high" port should not be a restricted operation.  In calling that a
> defect, you appear to be looking on it from a point of view which
> disagrees with that, which actually means just that you've picked the
> wrong TCP stack for your environment, not that there's anything wrong
> with the stack for its design environment.
>   
If this was doable (creating custom TCP Stacks) and practical, maybe
that would be an alternative (since there is no better security
countermeasure, than the one that removes the 'exploitable' target)


Dinis Cruz
Owasp .Net Project
www.owasp.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://krvw.com/pipermail/sc-l/attachments/20060406/2755cf1b/attachment.html

More information about the SC-L mailing list