Doesn't this example violate Mandatory Integrity Control?

Walter Porter

Hello:

Scenario:
1) Launch notepad.exe with High MIC label, create file, close file.
2) Launch notepad.exe with Medium MIC label, edit that same file, save the
changes successfully.

Isn't this a violation of the purpose of mandatory integrity control? A
process with a lower label (Medium) is successfully editing a file created
and saved by another process with a higher label (High)?

I'm not certain, but I swear this wasn't possible with earlier builds of
Vista... :-\

Any insight will be greatly appreciated!

Thanks!
 
Jimmy Brush

Hello,

I may be wrong on this, but I think the object integrity value is controlled
through the object permissions hierarchy. When a process is running, it can
only write to objects/containers that have an equal or lesser integrity
value than what it is assigned, but when it creates an object I believe that
object inherits the MIC value from the container, unless explicitly set.

This would explain the behavior in your example, as the file you created
most likely would have been set to the NORMAL integrity value, which is
writable from both admin and non-admin processes.
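
One way to check which label the file from the scenario actually carries, and to see the write check apply once a High label is set explicitly. This is an added example, not part of either post; it assumes PowerShell, English-language `icacls` output, the same account used elevated and non-elevated, and a constructed test path under `%TEMP%`.

```powershell
# Added example, not from the thread. Run the steps in this order:
#   elevated prompt:      .\mic-check.ps1 -Step Create
#   non-elevated prompt:  .\mic-check.ps1 -Step Write   (expected to succeed)
#   elevated prompt:      .\mic-check.ps1 -Step Label
#   non-elevated prompt:  .\mic-check.ps1 -Step Write   (expected to be denied)
param(
    [ValidateSet('Create', 'Label', 'Write')]
    [string]$Step = 'Write',
    # Constructed test path; both prompts must resolve it to the same file.
    [string]$Path = (Join-Path $env:TEMP 'mic-test.txt')
)

function Test-HighIntegrity {
    # S-1-16-12288 is the well-known SID of the High Mandatory Level.
    return [bool](whoami /groups | Select-String -SimpleMatch 'S-1-16-12288')
}

function Get-FileIntegrityLabel([string]$File) {
    # icacls prints an explicit label as "Mandatory Label\<level>:(NW)".
    # No such line means the file has no explicit label, and Windows
    # then treats it as Medium regardless of who created it.
    $hit = icacls $File | Select-String -SimpleMatch 'Mandatory Label\' |
        Select-Object -First 1
    if ($hit) { return $hit.Line.Trim() }
    return '(no explicit label: treated as Medium)'
}

"Current process is High integrity: $(Test-HighIntegrity)"

switch ($Step) {
    'Create' { Set-Content -Path $Path -Value 'created' }
    'Label'  {
        # Stamp the file with an explicit High label (needs a High process).
        icacls $Path /setintegritylevel H | Out-Null
    }
    'Write'  {
        try {
            Add-Content -Path $Path -Value 'edited' -ErrorAction Stop
            'Write succeeded'
        } catch {
            "Write denied: $($_.Exception.Message)"
        }
    }
}

"Label on ${Path}: $(Get-FileIntegrityLabel $Path)"
```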
 