Darren New wrote:
> Sorry. I meant the shatter attack. It's where you fake using the
> keyboard to write executable code into (say) a text entry box, then you
> send a message to the program that makes it invoke a callback in such a
> way as it jumps to the text in the text entry box.
Incidentally, this is exactly the reason the UAC does that funky thing with
the screen. It's also the reason you get warnings every single time you
start up a privileged program that opens a window, even if it's just an icon
in the system tray.

You're *supposed* to write a service that runs with the appropriate
privilege, then write an unprivileged UI that talks to the service, and the
service makes sure that what the UI tells it to do is safe. If you just let
the user talk straight to the privileged code thru the UI, you can have
trouble.

Kind of a dumb design decision, probably left over from Win16 days. :-)
--
Darren New, San Diego CA, USA (PST)
I ordered stamps from Zazzle that read "Place Stamp Here".
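
An added example, not part of the original post: a sketch of the service-side check described above, where the privileged side accepts only named operations with typed data and has no field through which the UI could supply an address or callback. The JSON request format, the operation names and `handle_request` are assumptions made for illustration, and the sample requests in the comments are constructed.

```python
import json

MAX_REQUEST_BYTES = 512  # bound the work done on untrusted input

# Hypothetical operations the privileged service agrees to perform.
# Each validator accepts exactly one argument shape and nothing else.
def _valid_timezone(args):
    allowed = {"UTC", "America/Los_Angeles", "Europe/Berlin"}
    return set(args) == {"tz"} and isinstance(args["tz"], str) and args["tz"] in allowed

def _valid_volume(args):
    # type(...) is int rejects JSON true/false, which Python treats as ints.
    return set(args) == {"level"} and type(args["level"]) is int and 0 <= args["level"] <= 100

ALLOWED_OPS = {"set_timezone": _valid_timezone, "set_volume": _valid_volume}

def handle_request(raw: bytes) -> dict:
    """Validate one request from the unprivileged UI before acting on it."""
    if len(raw) > MAX_REQUEST_BYTES:
        return {"ok": False, "error": "request too large"}
    try:
        req = json.loads(raw.decode("utf-8"))
    except (ValueError, RecursionError):
        return {"ok": False, "error": "malformed request"}
    # Exactly two fields: no room for a callback, pointer or extra option.
    if not isinstance(req, dict) or set(req) != {"op", "args"}:
        return {"ok": False, "error": "unexpected fields"}
    op, args = req["op"], req["args"]
    # Dispatch by allowlisted name only; the UI never chooses what code runs.
    if not isinstance(op, str) or op not in ALLOWED_OPS:
        return {"ok": False, "error": "unknown operation"}
    if not isinstance(args, dict) or not ALLOWED_OPS[op](args):
        return {"ok": False, "error": "invalid arguments"}
    # The privileged work would happen here, on validated data only.
    return {"ok": True, "op": op, "args": args}

if __name__ == "__main__":
    samples = [  # constructed requests
        b'{"op": "set_volume", "args": {"level": 40}}',
        b'{"op": "invoke_callback", "args": {"address": 1094795585}}',
        b'{"op": "set_volume", "args": {"level": 40}, "callback": "x"}',
    ]
    for s in samples:
        print(s.decode(), "->", handle_request(s))
```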