" This issue is a critical security problem if a Windows machine is used by more than one person." Which gets to the root of alot of peoples problems with security vulnerabilities (NOT just in Windows I've seen). Bad passwords/naieve trust of thier fellow man. Worst : Not updating with Patches. Even linux has patches, so... Bad: Bad passwords/naieve trusting users Annoying: Stupid users that open eveything they can just because "Hey, if I got it, it need to be opened without any pre-thought!" There is a reason why different user security levels were invented for Windows and Linux. Restricting Security Is Good. Other then that, if your running a program on your PC someone else made that you don't 100% trust, your gambling, no matter if it's windows or linux. We need intelligent computer users... So, essentially we're screwed...(glass 3/4 empty!) ----- Original Message ----- From: "Dale Farnsworth" To: Sent: Thursday, August 08, 2002 6:45 AM Subject: Re: Win32 API utterly and irreprarable broken > On Thu, Aug 08, 2002 at 01:22:46AM +0000, David Uhlman wrote: > > Though I am loathe to "defend" Microsoft if you read the bug track info > > http://online.securityfocus.com/archive/1/286228/2002-08-03/2002-08-09/1 you > > can see that this is more complex than just a typical MS bug/error and plays > > off the problem of supporting 10 years of legacy api code and insufficient > > vendor understanding of the damages possible via message queuing. > > > > It is not so much of a bug because a patch can't be applied to this, it is > > more of a "known issue" that vendors must be made aware of to avoid building > > programs that can be taken advantage of by this. A very limited parallel > > might be a Linux vendor building a program that runs inappropriate code as > > root so that privilege escalation is possible. > > This would be true if not for the fact that Microsoft supplies several > programs (integral to the operation of windows) that can "be taken > advantage by this." The point of the original paper is that you cannot > build a usable windows desktop system without hitting this "known > issue". > > This issue is a critical security problem if a Windows machine is used > by more than one person. > > -Dale > ________________________________________________ > See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail. > > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss >