
Re: Is it possible to read a SGA's memory architecture ?

From: Billy Verreynne <vslabs_at_onwe.co.za>
Date: Tue, 22 Oct 2002 13:55:18 +0200
Message-ID: <ap3ecm$4la$1@ctb-nnrp2.saix.net>


Vladimir M. Zakharychev wrote:

> This is a rather old technique, recently rediscovered and studied by Foon.
> He claims that Win32 has architectural flaws (unfixable) which may be
> exploited for privilege escalation with very little skill and effort,
> using only Windows messaging mechanisms and several APIs that send and
> process messages. Pretty good essay plus links to Microsoft answers on it,
> and answers on answers :) can be found here:
>
> http://security.tombom.co.uk/shatter.html

Ah.. thanks. But as you say, this is very old hat stuff. It also has never been a real problem, as it requires your code to be run locally on the machine being attacked. In that respect I tend to agree with the Microsoft security laws. If you allow a foreign program to execute on your machine, then the machine is no longer yours. The whole idea of having guest accounts and foreign programs executing on your system is fatally flawed in the first place. So is the corporate thing of rolling out "locked desktops" to their users (which btw I have running in a little VM inside Linux on their so-called locked down desktop).

It does however make theoretical sense to implement a security layer at the messaging level in the kernel architecture... but there are a lot of practical implications and performance issues around it.. which IMO could make something like this impractical. The behaviour of the WM_TIMER message is very interesting though...

I think calling it an architectural flaw is pushing it a tad. He does raise a few good points though.

As for using this method to read the Oracle SGA, I doubt that it will work.

--
Billy
Received on Tue Oct 22 2002 - 06:55:18 CDT
