Microsoft Windows Vista Community Forums - Vistaheads
Service interact with desktop

microsoft.public.windows.vista.security
#1  zion  06-25-2007
Service interact with desktop
Hi,

How can I force my service to interact with desktop on Vista OS?
In xp/2003 it's OK.

Thanks


#2  Jesper  06-25-2007
RE: Service interact with desktop
Factor it into two components and build an RPC mechanism to communicate
between the two. This is part of the service hardening work that went into
Vista to protect the system from compromise from bad usermode applications.

If all you need is to show a dialog box on the interactive desktop then you
can use WTSSendMessage
(http://msdn2.microsoft.com/en-us/library/aa383842.aspx) to do that.
---
Your question may already be answered in Windows Vista Security:
http://www.amazon.com/gp/product/047...otectyourwi-20


"zion" wrote:

> Hi,
>
> How can I force my service to interact with desktop on Vista OS?
> In xp/2003 it's OK.
>
> Thanks
>
>
>

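Two defender-side pieces that Jesper's reply points at, as an added PowerShell example that is not from this thread: an audit of services still marked to interact with the desktop, and a WTSSendMessage call that shows a dialog in the logged-on user's session from session 0. The function and variable names are my own, and the script assumes a Windows host with rights to query services and to message the console session.

```powershell
# Added example (not from the thread). Two defender-side pieces:
#  1. Audit which services still request "interact with desktop" (the legacy
#     SERVICE_INTERACTIVE_PROCESS flag that Vista's session 0 isolation breaks).
#  2. Show a dialog on the logged-on user's desktop from session 0 through
#     WTSSendMessage, as Jesper suggests, instead of sharing the desktop.
# Assumes a Windows host with rights to query services and message the console.

function Get-InteractiveService {
    # Win32_Service.DesktopInteract is $true for services ticked "Allow service
    # to interact with desktop"; each hit is a candidate for the split design.
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.DesktopInteract } |
        Select-Object Name, StartMode, State, PathName
}

if (-not ([System.Management.Automation.PSTypeName]'WtsNative').Type) {
    Add-Type -TypeDefinition @"
using System;
using System.Runtime.InteropServices;
public static class WtsNative {
    [DllImport("wtsapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    public static extern bool WTSSendMessage(
        IntPtr hServer, int sessionId, string title, int titleLength,
        string message, int messageLength, int style, int timeout,
        out int response, bool wait);
    [DllImport("kernel32.dll")]
    public static extern int WTSGetActiveConsoleSessionId();
}
"@
}

function Send-ConsoleSessionMessage {
    param([string]$Title, [string]$Message, [int]$TimeoutSeconds = 30)
    # hServer = WTS_CURRENT_SERVER_HANDLE (NULL); target the session that owns
    # the physical console, i.e. the logged-on user, never session 0 itself.
    $session = [WtsNative]::WTSGetActiveConsoleSessionId()
    if ($session -eq -1) { throw "No user is logged on at the console" }
    $MB_OKCANCEL = 0x1; $MB_ICONWARNING = 0x30   # standard MessageBox style bits
    $response = 0
    # string lengths are passed in bytes (UTF-16), hence Length * 2
    $ok = [WtsNative]::WTSSendMessage([IntPtr]::Zero, $session,
        $Title, $Title.Length * 2, $Message, $Message.Length * 2,
        ($MB_OKCANCEL -bor $MB_ICONWARNING), $TimeoutSeconds, [ref]$response, $true)
    if (-not $ok) { throw "WTSSendMessage failed, Win32 error $([Runtime.InteropServices.Marshal]::GetLastWin32Error())" }
    return $response   # IDOK = 1, IDCANCEL = 2, IDTIMEOUT = 32000
}

Get-InteractiveService | Format-Table -AutoSize
Send-ConsoleSessionMessage -Title "Backup service" -Message "Backup finished. Continue?"
```

The dialog is drawn by the target session's own winlogon/csrss, so no window of the privileged process ever appears on the user's desktop; any richer interaction still needs the separate client process and RPC channel described above.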
#3  Alun Jones  06-25-2007
Re: Service interact with desktop
"zion" <zion@msn.com> wrote in message
news:OuuBuLztHHA.1728@TK2MSFTNGP06.phx.gbl...
> How can I force my service to interact with desktop on Vista OS?
> In xp/2003 it's OK.


You only _think_ it's okay in XP / 2003.

For several years now, Microsoft has been warning that this is a bad
feature, and that it will be deprecated in some future version of Windows.
Apparently, we are now living in the future that we were warned would come.

As to why this is a bad idea, here's one example:

http://en.wikipedia.org/wiki/Shatter_attack

The brief synopsis is that if a privileged process opens up a window on the
user's desktop, that's a hole punched through a security boundary, which
could be used to allow an exploit to elevate privilege quite easily (because
the window message queues were not designed to be a security boundary).

Jesper's suggestion to create your own RPC mechanism to communicate from
desktop to server and back hints at this; that you need to create a secure
means of allowing data to cross that security boundary.

Alun.
~~~~


#4  Nghia Nguyen  06-26-2007
RE: Service interact with desktop
Jesper,

Would splitting the service into a service and a COM local server have
the same design that you suggested? Thanks

"Jesper" wrote:

> Factor it into two components and build an RPC mechanism to communicate
> between the two. This is part of the service hardening work that went into
> Vista to protect the system from compromise from bad usermode applications.
>
> If all you need is to show a dialog box on the interactive desktop then you
> can use WTSSendMessage
> (http://msdn2.microsoft.com/en-us/library/aa383842.aspx) to do that.
> ---
> Your question may already be answered in Windows Vista Security:
> http://www.amazon.com/gp/product/047...otectyourwi-20
>
>
> "zion" wrote:
>
> > Hi,
> >
> > How can I force my service to interact with desktop on Vista OS?
> > In xp/2003 it's OK.
> >
> > Thanks
> >
> >
> >

#5  cquirke (MVP Windows shell/user)  06-26-2007
Re: Service interact with desktop
On Mon, 25 Jun 2007 12:56:26 -0700, "Alun Jones"
>"zion" <zion@msn.com> wrote in message


>> How can I force my service to interact with desktop on Vista OS?
>> In xp/2003 it's OK.


>You only _think_ it's okay in XP / 2003.


As in "It just works... unfortunately" ;-)

>For several years now, Microsoft has been warning that this is a bad
>feature, and that it will be deprecated in some future version of Windows.
>Apparently, we are now living in the future that we were warned would come.


>As to why this is a bad idea, here's one example:
>
>http://en.wikipedia.org/wiki/Shatter_attack


Ah, what a good article!

A common pattern with design and exploits is that often MS sees the
minutiae of code as being the exploit, whereas one might see this as
the sharp tip of a bad design that thrusts this into harm's way.

The "tip" here would be that messages passed from a lower-priv process
to a higher one can include callback addresses (a risk that also
applies to viewing a listing of .CPL files as Control Panel)

The "mountain" here is that high-priv processes are accepting messages
from arbitrary low-priv processes in the first place. With the tip
removed, there still exists the opportunity to deliver malformed
content to an exploitable surface within the high-priv process.

So it's good to see Vista tackling not just the tip - as MS's
immediate response had to be - but the entire design. When was the
new design finalized? I ask, because if these sands were still
shifting late into the Vista beta, it may explain why so many
tightly-coupled-to-hardware apps (Nero, fax modem bundleware) have
been so tardy in being updated to work with Vista.

"One of the reasons why this vulnerability existed in
Windows was because when a user logged in, the
first interactive user session logged in as Session 0,
the same session that the Windows services run in.
In Windows Vista, this changes."

>The brief synopsis is that if a privileged process opens up a window on the
>user's desktop, that's a hole punched through a security boundary, which
>could be used to allow an exploit to elevate privilege quite easily (because
>the window message queues were not designed to be a security boundary).


It's good to see an explanation of deep security design changes that
lie behind obvious impacts, such as UAC prompts that black out the
screen (as they have to, to block possible inter-process interaction
from one UI to the hi-priv UAC dialog box?).

>Jesper's suggestion to create your own RPC mechanism to communicate from
>desktop to server and back hints at this; that you need to create a secure
>means of allowing data to cross that security boundary.


I may not have the background to understand the answers, but I've
often wondered about the safety of RPC, and the wisdom of waving
networking services such as RPC and LSASS at the Internet with just a
firewall as a band-aid between them. Lovesan and Sasser come to mind.

I assume RPC formalizes what can pass between processes in ways that a
generic message queue does not, but how safe is it?

There's a generic problem that arises, in that:
- non-trivial code has bugs
- to be bug-free, keep your code trivial

What this means, is the choice between:
- trivial parameter verification that passes exploits through
- complex parameter verification that is itself an exploit surface

This applies to firewalls as much as anything else, e.g. Witty vs.
Black Ice Defender. Then again, the deep destination code can also be
an exploit surface, e.g. the ASN1 flaw. So, it's hard to stop the
balloon of possibilities bulging out somewhere, as you try to design a
box that will safely contain it ;-)

I'm baaaack!
