Care when using eMule as Limited User
I only recently discovered this with AccessEnum, although this behaviour should have been obvious:
With eMule installed in default configuration, Limited Users can write to C:\Program Files\eMule\Incoming and C:\Program Files\eMule\Temp. This arguably defeats (to an extent) the purpose of the LUA, and certainly defeats the purpose of LUA + SRP.
Remembering that with LUA, nothing can write to C:\Program Files and C:\Windows. With SRP (by default), nothing can execute except files from C:\Program Files and C:\Windows. This means newly introduced files on your system can't execute in your limited account, thus preventing drive-by malware. And if the malware tried to write to C:\Program Files and C:\Windows (where they would be allowed to execute), they would be denied, since you are running in a LUA.
This concept is actually very simple, but appears to be complicated. Once you get your head around it, you'll realise that it's very sound logic.
And this is where eMule becomes dangerous - it allows you to write to C:\Program Files\eMule\Incoming and C:\Program Files\eMule\Temp even as a limited user! This potentially means that malware can write to those folders and if so, they would be allowed to execute (since everything under C:\Program Files can execute).
Re: Care when using eMule as Limited User
Do you know if the allowed write access is configured by the eMule setup or by eMule itself?
Ruhe- Valued Member
- Posts : 261
Join date : 2010-04-16
Location : Germany
Re: Care when using eMule as Limited User
Not sure what difference that would make?
Regardless, from memory, I know the default eMule setup allows even limited users to write to C:\Program Files etc (as described above).
If you don't use the default setup (which places incoming files in C:\Program Files\eMule\Incoming and C:\Program Files\eMule\Temp) and configure incoming files to be placed elsewhere, then things start not working well in your LUA when you try to open eMule - you get error messages about files unable to be placed etc. I didn't investigate this further, so it's possible there could be a workaround.
Anyway, I don't use eMule anymore, so it's not really my concern. Will be interesting to see what you find though, if you're keen to experiment more.
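The check the first post did with AccessEnum can also be scripted. The following is an added example, not part of the original thread: it lists directories under the default SRP-allowed roots where a limited user holds write rights. The function name, the SID list and the choice of roots are assumptions made for illustration.

```powershell
# Added example (not from the thread): find directories under the default
# SRP-allowed roots where a limited user may create or modify files.
param(
    # Assumption: the two default-allowed locations named in the first post.
    [string[]]$Roots = @($env:ProgramFiles, $env:windir)
)

# Well-known SIDs that include limited users (locale-independent).
$lowPrivSids = @(
    'S-1-1-0',       # Everyone
    'S-1-5-11',      # Authenticated Users
    'S-1-5-32-545',  # BUILTIN\Users
    'S-1-5-4'        # INTERACTIVE
)

# WriteData/CreateFiles (0x2), AppendData/CreateDirectories (0x4),
# plus GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000).
$writeMask   = 0x50000006
$sidType     = [System.Security.Principal.SecurityIdentifier]
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

# Hypothetical helper: emits one object per Allow ACE that grants write rights
# on the directory itself. Deny ACEs are not evaluated, so it can over-report.
function Test-LimitedUserWritable {
    param([string]$Path)
    try { $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop }
    catch { return }   # ACL not readable from this account: skip
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Inherit-only ACEs apply to children, not to this directory.
        if ($ace.PropagationFlags -band $inheritOnly) { continue }
        if ($lowPrivSids -notcontains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights) -band $writeMask) {
            [pscustomobject]@{
                Path    = $Path
                Trustee = $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value
                Rights  = $ace.FileSystemRights
            }
        }
    }
}

foreach ($root in $Roots) {
    Test-LimitedUserWritable -Path $root
    Get-ChildItem -LiteralPath $root -Directory -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object { Test-LimitedUserWritable -Path $_.FullName }
}
```

Every directory it reports is a location where the "cannot write where you can execute" assumption behind LUA + SRP does not hold.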