Posts
  • David LeBlanc's Web Log

    Practical Windows Sandboxing – Part 3

    • 5 Comments
    The third tool we need in order to create a sandboxed app is a desktop. We've said in many places that the desktop is a security boundary. Unfortunately, there's little real security within a desktop – and this isn't something unique to Windows – the...
  • David LeBlanc's Web Log

    Practical Windows Sandboxing, Part 2

    • 4 Comments
    Once you have a process in a restricted token, the next tool you can use to limit what it can do is a job object. Like restricted tokens, these shipped in Windows 2000. A job object is similar to how ulimits work on UNIX(ish) OS's, but don't do some of...
  • David LeBlanc's Web Log

    Logon ID SIDs

    • 1 Comments
    I've mentioned logon ID SIDs a couple of times, but they're fairly arcane. I first ran into them when I was exploring just what was in a process token, and a group SID came up that I wasn't familiar with. Here's how a SID is defined: typedef struct...
  • David LeBlanc's Web Log

    Practical Windows Sandboxing – Part 1

    • 1 Comments
    I've written more than once about how interesting restricted tokens are – the earliest article was on Mark Edward's Windows Security web site. Unless it's been taken down recently, the article and source code are still there. In the nearly 8 years since...
  • David LeBlanc's Web Log

    Security Dependencies Follow-up

    • 0 Comments
    Someone asked how dependencies should be handled if you're depending on another team at the same company. As you may well imagine, this is a very common issue here – for example, a bunch of apps we ship use SharePoint as a platform, which in turn uses...
  • David LeBlanc's Web Log

    Process Tokens and Default DACLs

    • 1 Comments
    I ran up on something the other day that isn't very well documented in one place. When you're dealing with restricted tokens, and in a few other limited scenarios, the default DACL on the process token becomes important. We can look at the default DACL...
  • David LeBlanc's Web Log

    Security Dependencies

    • 3 Comments
    There's been an interesting little tempest in a teapot going on WRT IE and Firefox. I in general don't pay a whole lot of attention to the browser vuln du jour, but this one caught my eye - http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId...
Page 1 of 1 (7 items)