1

Am in the process of documenting how to install a new remote access solution across (our granted somewhat small) user base. During the install of the client on XP the program asks to be given access to the hosts file. This is fine by me so far. The trouble is that it does not just grant it to an administrator or single user but the Group\Everyone. Upon a reboot I ran an Effective Permissions test on the hosts file for the Guest account and low and behold it now has Full control of the hosts file.

My manager does not think this is overly concerning as it has not been listed as a vulnerability for the product we are using. I am a touch more cautious about it though especially as we are asking the users to do this on their home PCs.

Is having the Group\Everyone with full control to the hosts file a hugely worrying security hole?

Oliver Salzburg
  • 87,539
  • 63
  • 263
  • 308
  • 1
    Thanks for the responses guys. In the end a different approach was found to enable the program to edit the hosts file which meant the broad brush approach of granting everyone access was avoided. As we are telling user to do this I am much happier that we are not responsible for opening a noticeable breach in their security, though the initial level of their security is probably already suspect (or will be) as satanicpuppy pointed out. –  Feb 23 '10 at 09:36

2 Answers2

2

I would be worried. You are now giving permission for anything to change DNS. Why is this worrisome?

  • When Windows connects to Microsoft, it will do name lookups via the update server. How does it find that? Via name lookups. Windows will then run any code retrieved from this server. I don't know what kind of security checks Windows runs on them, so this might be negated.
  • When you go shopping, you connect to a server. What happens if both the server and the certificate server are both redirected to servers of an attacker's choosing? I don't know how the certificates work, so this also might be negated.

But even if both of those are negated, then what happens if the attacker can entice the user into bypassing security checks?

Kevin M
  • 2,584
0

Hmmm. On the one hand, obviously yes, it's a problem.

On the other hand, there are plenty of XP security exploits that install themselves as local system, even today (I've been having a recent spurt of Vundo infections, which seem to be coming down from exploited web pages; fricking users. Symantec corporate isn't helping out much either). Chances are anything that hits your machine is going to be able to get access to the Hosts file regardless of how the permissions are set.

Meh. I wouldn't care, myself. Can't trust a desktop not to get exploited; you have to plan your security above it.

Satanicpuppy
  • 7,027