Michael Brown <see@signature.below> wrote:
> > If a program opens windows, then it is unsecure. That's nothing new.
> Your original claim was that only administrators could monitor file and
> registry accesses. I pointed out that this was not the case for ***user-run
> processes*** as you could use code injection to acheive these aims.

You're right here. But what will that tell us?

If I start a program as a user, I can do anything with that program.
So what?

This is not a security related topic, because a user program can do
exactly what all the other user programs can do, say: that, what the
user is allowed to do.

What are you trying to tell?

> You
> replied that code injection required seDebugPrivilege, hence my reply above.

I cannot see any sense in code injection in a non privileged program.

Code injection does make sense into programs, which lead i.e. to
privilege elevation.

> Note that in my reply I deliberately left in the part where I mentioned that
> I was talking about user-run processes to avoid losing context.

I was talking about the postings before also.

> Note also that you can have an interactive application that is secure from
> the interactive user as long as the process is owned by a different user

That's not enough. To prevent message based attacks like i.e. shatter
attacks, it has to run on another desktop, too.

> >> So you can
> >> do code injection into any process that you start.
> > Why should one do that?
> If you wanted to, say, log file and registry accesses by that process :)

And what does that have to do with security?

Yours,
VB.
--
"Almighty Father, who wilt hear the prayer of those that love Thee, we pray
Thee to be with those who brave heights of Thy heaven and who carry the
battle to our enemies. Guard and protect them, we pray Thee, as they fly
the appointed rounds." - Chaplain William Downey, prayer for the Enola Gay.