Controlled Object Factory
Classification Key
Core Security, Elevation of Privilege
Problem
Objects are created either at program initialization or dynamically during execution. The access rights of processes with respect to objects must be defined when these objects are created. Applications also use resources that are allocated from resource pools and the applications must have appropriate access rights to them. The access rights are defined by authorization rules or policies that are enforced when a process attempts to access an object.
How can appropriate access rights be defined for objects at the time they are created?
Solution
Create new objects with limited rights. Intercept new object creation requests and get the requester to fully specify the rights to be associated with the new object.
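A minimal sketch of the solution above, added here as an illustration and not taken from the source book or from any Windows API. The class, method and right names are assumptions; creation goes through a single factory that rejects any request that does not spell out the rights for the new object, and access is denied unless it was explicitly granted.

```python
from dataclasses import dataclass
from enum import Flag, auto


class Right(Flag):
    NONE = 0
    READ = auto()
    WRITE = auto()
    DELETE = auto()


@dataclass(frozen=True)
class ControlledObject:
    name: str
    owner: str
    acl: dict  # subject -> Right; a subject that is not listed has no access


class ControlledObjectFactory:
    """Single creation point: no object exists without an explicit ACL."""

    def __init__(self, pool_size):
        self._free = pool_size      # resource pool the objects are allocated from
        self._objects = {}

    def create(self, requester, name, acl=None):
        # Refuse requests that leave the rights unspecified instead of
        # falling back to a permissive default.
        if not acl:
            raise PermissionError("creation request must specify an ACL")
        if any(not isinstance(r, Right) or r == Right.NONE for r in acl.values()):
            raise ValueError("each ACL entry must grant at least one known right")
        if name in self._objects:
            raise FileExistsError(name)
        if self._free == 0:
            raise MemoryError("resource pool exhausted")
        self._free -= 1
        # Copy the ACL so the caller cannot widen it after creation. The owner
        # gets no implicit rights: only what the request listed.
        obj = ControlledObject(name, requester, dict(acl))
        self._objects[name] = obj
        return obj

    def check(self, subject, name, wanted):
        # Enforcement at access time: allow only if every wanted right was granted.
        granted = self._objects[name].acl.get(subject, Right.NONE)
        return (granted & wanted) == wanted
```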
Known Uses
Windows processes create objects with various Create system calls, passing access control information (a DACL) as a parameter.
Source
Wiley Book
Tags
Object Creation, Access Rights