Programming C, C++, Java, PHP, Ruby, Turing, VB
Computer Science Canada 
 Potential google chrome vulnerability
mirhagk




Posted: Mon Dec 10, 2012 2:37 pm   Post subject: Potential google chrome vulnerability

http://blogs.msdn.com/b/oldnewthing/archive/2012/12/07/10375415.aspx This blog post actually explains why a problem isn't actually a security problem and why.

Basically the concept is that a hacker could place a system32.dll in the same folder as the programs (Microsoft Office in the post) and the program will use that DLL instead of the one in the system folder. This problem is theoretically possible for any program: if you place a DLL in its folder, it'll use that instead of the system ones. This is a non-issue since writing to Program Files requires admin permissions (and if you got those, then you don't need to do this). I do know of one major program that doesn't install to Program Files though, and it's Google Chrome. I know it installs to %appdata% specifically so that the user doesn't need to have admin rights (to streamline their updating process).

I haven't gotten a chance to test my theory, but this might have opened up a semi-issue where, if some program can write to that appdata folder, it could have Chrome launch using a fake DLL. It'd still be difficult to get to write in that location, but it wouldn't require admin permissions.
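An added example (not part of the original post or the linked blog): a defender-side audit of the situation described above, reporting whether the current user can create files in an application's directory and which DLLs there share a name with one in the system directory. The two-step search order (application directory, then system directory), the `known_dlls` parameter and the sample file names are simplifying assumptions; real Windows loading also involves KnownDLLs, manifests and further search locations.

```python
import os
import tempfile

def can_create_files(directory):
    """True if the current user can create a file in `directory`.
    Tries a real write, because os.access() does not evaluate Windows ACLs."""
    try:
        with tempfile.TemporaryFile(dir=directory):
            return True
    except OSError:
        return False

def dll_names(directory):
    """Lower-cased names of the .dll files directly inside `directory`."""
    return {n.lower() for n in os.listdir(directory) if n.lower().endswith(".dll")}

def audit_app_dir(app_dir, system_dir, known_dlls=()):
    """Report DLLs in app_dir that would be loaded instead of the system copy.

    Assumed model: application directory is searched before the system
    directory. Names in known_dlls (caller-supplied) always come from the
    system directory, so they are not counted as shadowing."""
    known = {n.lower() for n in known_dlls}
    shadowing = sorted((dll_names(app_dir) & dll_names(system_dir)) - known)
    writable = can_create_files(app_dir)
    return {
        "writable_by_current_user": writable,
        "shadowing": shadowing,
        # A user-writable directory is the precondition raised in the post;
        # a shadowing DLL needs checking (vendor-shipped or unexpected?).
        "needs_review": writable or bool(shadowing),
    }

def build_sample(root):
    """Constructed sample layout (not real Windows paths or files)."""
    app, system = os.path.join(root, "app"), os.path.join(root, "system32")
    os.makedirs(app)
    os.makedirs(system)
    for d, names in ((app, ["app.exe", "Shared.DLL", "helper.dll", "kernel32.dll"]),
                     (system, ["shared.dll", "kernel32.dll", "user32.dll"])):
        for n in names:
            open(os.path.join(d, n), "wb").close()
    return app, system

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        app, system = build_sample(root)
        print(audit_app_dir(app, system, known_dlls=["kernel32.dll"]))
```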
DemonWasp




Posted: Mon Dec 10, 2012 3:03 pm   Post subject: RE:Potential google chrome vulnerability

At the point where an attacker can write files to your system (other than at locations you have specifically made available), you have a huge security problem. The fact that linked libraries will load in a particular preference order doesn't seem to be the cause of this vulnerability.

The presumption by Microsoft that everyone should be installing their programs under C:\Program Files is also absurd. What if I have an SSD for the system disk and several HDDs for big things, like Steam? Well, I guess Steam isn't protected.
mirhagk




Posted: Mon Dec 10, 2012 4:14 pm   Post subject: RE:Potential google chrome vulnerability

Well, I know I had that exact setup and everything was still stored under C:\Program Files (x86).

In actuality things were stored on F:\ or D:\ but I used mklink to look like it was all stored there. The assumption to have all the programs stored under one location is to keep everything organized for the user, and simplify things. I absolutely hate software that installs itself to the root folder, as that location quickly gets messy, and I go there very often.

Yeah, as I mentioned, it's not like a glaring vulnerability, as you still need to be able to write a file, but it allows Google Chrome to be messed with without even having admin permissions, which, while it isn't terrible, isn't exactly good either. One of the first rules of security is to make sure permissions are given only to things that absolutely need them. It's the whole reason su was invented.
DemonWasp




Posted: Mon Dec 10, 2012 4:18 pm   Post subject: RE:Potential google chrome vulnerability

Unfortunately, since Windows doesn't have unified package management, programs are left to update themselves. Since Chrome has to update itself, it would prefer to do so without user intervention, because users are dumb. Since Chrome has to update itself without user permission (!), it has to be installed somewhere that doesn't require administrator privileges to access.

This whole problem could be avoided by package management.
mirhagk




Posted: Mon Dec 10, 2012 4:29 pm   Post subject: RE:Potential google chrome vulnerability

Like Windows Store? But what about Gabe? Seriously though, Microsoft has the huge problem of not being able to force things on people or developers. It can't suddenly add package management, except as an optional API that developers could tie into, and it's basically what they've attempted to do a number of times, the latest of which being the Windows Store.

EDIT: And I know a number of great Windows APIs that simply went by unnoticed and unused.

EDIT2: I would like to see package management come into Windows, but the only way it'd work is if Microsoft got all of its software done that way, and convinced a few key partners to join them as well as providing it open to any developer. While package management is awesome in Linux, it's still far from perfect, and there are numerous problems that aren't solved by it.
DemonWasp




Posted: Mon Dec 10, 2012 7:14 pm   Post subject: RE:Potential google chrome vulnerability

The Windows Store is a complete cockup of the idea of package management. It's an install manager, but it doesn't actually handle package dependencies as far as I can tell (Windows has a piss-poor understanding of packages anyway). You have to pay to register to distribute your application, and if you charge money for your product, then Microsoft takes 30% of all your sales. Worse, the Store is only available on Windows 8 devices.

Further, Microsoft can autonomously remove software from your system without your approval. Clearly I don't actually own my computer.

Microsoft is also the sole gatekeeper of Windows Store. Ideally, Adobe should be able to set up their own package server that could be added to your "software sources" configuration to allow you to get the most up-to-date Flash without going through Microsoft. Microsoft is even welcome to maintain their own version of Flash (the most recent tested and secure version, for example), so long as you can also get the latest from Adobe.

The Windows Store isn't designed to solve the "package management" group of problems, it's designed to get Microsoft into the revenue streams of the companies that distribute pay-for Windows software.
mirhagk




Posted: Mon Dec 10, 2012 8:08 pm   Post subject: RE:Potential google chrome vulnerability

Actually, it switches to 20% once you get a decent number of sales.

http://msdn.microsoft.com/en-us/library/windows/apps/br230836.aspx

But yeah, the Windows Store was a joke. I would like to see decent package management, but it doesn't solve everything: you still need to subscribe to package lists, and can you imagine what would happen if your distant relatives started subscribing to random package lists? Microsoft would get blamed for this of course, so they would make it difficult to do so, and would never include other package lists in the OS by default (meaning the majority of users would never have other package lists, and wouldn't be able to learn how to add new ones).

So basically they'd be left with Microsoft hosting the package list, and of course they'd charge for such a service (it would cost them a bunch of money), so you'd end up with a complicated system where Microsoft charges 30%, or the Windows Store. Package managers are a great idea, but distributors always want a cut, so the best you can really hope for is something like Steam.

And yes, it's messed up that the Windows Store can pull back applications without your approval, but it's only Windows Store apps, and in theory Steam can do the same (if it's not linked with Steam you can't use it).
AntoxicatedDevil78




Posted: Tue Dec 11, 2012 11:31 am   Post subject: RE:Potential google chrome vulnerability

Amazing, so I can get hacked :(
mirhagk




Posted: Tue Dec 11, 2012 1:34 pm   Post subject: RE:Potential google chrome vulnerability

No lol, as mentioned, if you allow programs to write files to your computer, things are already going to be bad, so it's very difficult for a virus to do so.

Page 1 of 1  [ 9 Posts ]