[conspire] Buggy ATI Driver (and others) Leaves Vista Open to Attack
Adrien Lamothe
a_lamothe at yahoo.com
Sat Aug 18 23:12:24 PDT 2007
Rick Moen <rick at linuxmafia.com> wrote:Indeed, if device drivers themselves provide privilege escalation
mechanisms, the system is in deep trouble. This has been known, for
years, to be true on _all_ Win32 systems without exception, as an
inherent consequence of the Win32 messaging model, even without the
drivers offering privilege-escalation paths as such:
http://web.archive.org/web/20060904080018/http://security.tombom.co.uk/shatter.html
Given that Microsoft Windows Vista didn't make a clean break from the
established Win32 API, I greatly doubt that Vista escapes this inherent
and long-established security failure.
No reason MS couldn't have cleaned up the code behind the API and messaging model. MS has a history of shoe-horning code from their older OSes into the newer ones. MS really should have just used BSD Unix for the new OS and provided a virtual machine to run legacy software.
---------------------------------
Shape Yahoo! in your own image. Join our Network Research Panel today!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://linuxmafia.com/pipermail/conspire/attachments/20070818/0dc02f0f/attachment.html>
More information about the conspire
mailing list