July, 2007

Blog - About

About David LeBlanc's Web Log

This blog is about whatever security topics come to mind, and may occasionally wander off into other areas, like arcane C++ tricks. I'll primarily cover techniques to achieve more secure code, how to use some of the more interesting facets of the Windows operating system, and sometimes my thoughts about the general state of Internet security.

  • David LeBlanc's Web Log

    Practical Windows Sandboxing – Part 3

    • 5 Comments
    The third tool we need in order to create a sandboxed app is a desktop. We've said in many places that the desktop is a security boundary. Unfortunately, there's little real security within a desktop – and this isn't something unique to Windows – the...
  • David LeBlanc's Web Log

    Practical Windows Sandboxing, Part 2

    • 4 Comments
    Once you have a process in a restricted token, the next tool you can use to limit what it can do is a job object. Like restricted tokens, these shipped in Windows 2000. A job object is similar to how ulimits work on UNIX(ish) OS's, but don't do some of...
  • David LeBlanc's Web Log

    Logon ID SIDs

    • 1 Comments
    I've mentioned logon ID SIDs a couple of times, but they're fairly arcane. I first ran into them when I was exploring just what was in a process token, and a group SID came up that I wasn't familiar with. Here's how a SID is defined: typedef struct...
  • David LeBlanc's Web Log

    Practical Windows Sandboxing – Part 1

    • 1 Comments
    I've written more than once about how interesting restricted tokens are – the earliest article was on Mark Edward's Windows Security web site. Unless it's been taken down recently, the article and source code are still there. In the nearly 8 years since...
  • David LeBlanc's Web Log

    Security Dependencies Follow-up

    • 0 Comments
    Someone asked how dependencies should be handled if you're depending on another team at the same company. As you may well imagine, this is a very common issue here – for example, a bunch of apps we ship use SharePoint as a platform, which in turn uses...
  • David LeBlanc's Web Log

    Process Tokens and Default DACLs

    • 1 Comments
    I ran up on something the other day that isn't very well documented in one place. When you're dealing with restricted tokens, and in a few other limited scenarios, the default DACL on the process token becomes important. We can look at the default DACL...
  • David LeBlanc's Web Log

    Security Dependencies

    • 3 Comments
    There's been an interesting little tempest in a teapot going on WRT IE and Firefox. I in general don't pay a whole lot of attention to the browser vuln du jour, but this one caught my eye - http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId...
Page 1 of 1 (7 items)