Vista - Doesn't this example violate Mandatory Integrity Control?

09-26-2006

Hello:

Scenario:
1) Launch notepad.exe with High MIC label, create file, close file.
2) Launch notepad.exe with Medium MIC label, edit that same file, save the
changes successfully.

Isn't this a violation of the purpose of mandatory integrity control? A
process with a lower label (Medium) is successfully editing a file created
and saved by another process with a higher label (High)?

I'm not certain, but I swear this wasn't possible with earlier builds of
Vista... :-\

Any insight will be greatly appreciated!

Thanks!

10-04-2006

Hello,

I may be wrong on this, but I think the object integrity value is controlled
thru the object permissions heirarchy. When a process is running, it can
only write to objects/containers that have an equal or lesser integrity
value than what it is assigned, but when it creates an object I believe that
object inherits the MIC value from the container, unless explicitly set.

This would explain the behavior in your example, as the file you created
most likely would have been set to the NORMAL integrity value, which is
writable from both admin and non-admin processes.

--
- JB

Windows Vista Support Faq
http://www.jimmah.com/vista/

09-26-2006	#1 (permalink)
Walter Porter n/a posts	Doesn't this example violate Mandatory Integrity Control? Hello: Scenario: 1) Launch notepad.exe with High MIC label, create file, close file. 2) Launch notepad.exe with Medium MIC label, edit that same file, save the changes successfully. Isn't this a violation of the purpose of mandatory integrity control? A process with a lower label (Medium) is successfully editing a file created and saved by another process with a higher label (High)? I'm not certain, but I swear this wasn't possible with earlier builds of Vista... :-\ Any insight will be greatly appreciated! Thanks!
My System Specs

10-04-2006	#2 (permalink)
Jimmy Brush n/a posts	Re: Doesn't this example violate Mandatory Integrity Control? Hello, I may be wrong on this, but I think the object integrity value is controlled thru the object permissions heirarchy. When a process is running, it can only write to objects/containers that have an equal or lesser integrity value than what it is assigned, but when it creates an object I believe that object inherits the MIC value from the container, unless explicitly set. This would explain the behavior in your example, as the file you created most likely would have been set to the NORMAL integrity value, which is writable from both admin and non-admin processes. -- - JB Windows Vista Support Faq http://www.jimmah.com/vista/
My System Specs

Similar Threads
Thread	Forum
Re: Booting Vista from external drive violate MS EULA?	Vista General
RE: Booting Vista from external drive violate MS EULA?	Vista General
Code Integrity Errors	System Security
How to elevate integrity level of a process	Vista security
Mandatory Integrity Control (MIC) tools? Biba tools?	Vista security