ssj100 Security Forums
Would you like to react to this message? Create an account in a few clicks or log in to continue.

Care when using eMule as Limited User

2 posters

Go down

Care when using eMule as Limited User Empty Care when using eMule as Limited User

Post by ssj100 17/4/2010, 03:38

I only recently discovered this with AccessEnum, although this behaviour should have been obvious:

With eMule installed in default configuration, Limited Users can write to C:\Program Files\eMule\Incoming and C:\Program Files\eMule\Temp. This arguably defeats (to an extent) the purpose of the LUA, and certainly defeats the purpose of LUA + SRP.

Remembering that with LUA, nothing can write to C:\Program Files and C:\Windows. With SRP (by default), nothing can execute except files from C:\Program Files and C:\Windows. This means newly introduced files on your system can't execute in your limited account, thus preventing drive-by malware. And if the malware tried to write to C:\Program Files and C:\Windows (where they would be allowed to execute), they would be denied, since you are running in a LUA.

This concept is actually very simple, but appears to be complicated. Once you get your head around it, you'll realise that it's very sound logic.

And this is where eMule becomes dangerous - it allows you to write to C:\Program Files\eMule\Incoming and C:\Program Files\eMule\Temp even as a limited user! This potentially means that malware can write to those folders and if so, they would be allowed to execute (since everything under C:\Program Files can execute).
ssj100
ssj100
Administrator
Administrator

Posts : 1390
Join date : 2010-04-14

https://ssj100.forumotion.com

Back to top Go down

Care when using eMule as Limited User Empty Re: Care when using eMule as Limited User

Post by Ruhe 23/4/2010, 01:08

Do you know if the allowed write access is configured by the emule setup or by emule itself?
Ruhe
Ruhe
Valued Member
Valued Member

Posts : 261
Join date : 2010-04-16
Location : Germany

Back to top Go down

Care when using eMule as Limited User Empty Re: Care when using eMule as Limited User

Post by ssj100 23/4/2010, 08:41

Not sure what difference that would make?

Regardless, from memory, I know the default eMule setup allows even limited users to write to C:\Program Files etc (as described above).

If you don't use the default setup (which places incoming files in C:\Program Files\eMule\Incoming and C:\Program Files\eMule\Temp) and configure incoming files to be placed elsewhere, then things start not working well in your LUA when you try to open eMule - you get error messages about files unable to be placed etc. I didn't investigate this further, so it's possible there could be a workaround.

Anyway, I don't use eMule anymore, so it's not really my concern. Will be interesting to see what you find though, if you're keen to experiment more.
ssj100
ssj100
Administrator
Administrator

Posts : 1390
Join date : 2010-04-14

https://ssj100.forumotion.com

Back to top Go down

Care when using eMule as Limited User Empty Re: Care when using eMule as Limited User

Post by Sponsored content


Sponsored content


Back to top Go down

Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum