ACLs

Question 1

What is an ACL?

Answer 1

Access Control List, a security mechanism defining permissions for resources.

Question 2

Why are good ACLs important?

Answer 2

Prevent unauthorized access or modification of sensitive data.

Question 3

What is an example of a vulnerable ACL?

Answer 3

Everyone (Full Control) on a registry key.

Question 4

What does Everyone (Full Control) allow?

Answer 4

Any user can modify or delete data in the registry key.

Question 5

What is the buggy code issue in the provided example?

Answer 5

Assumes registry data is 64 bytes or less, risking buffer overrun.

Question 6

What function is used in the buggy code?

Answer 6

RegQueryValueEx, which may return data larger than 64 bytes.

Question 7

What is a buffer overrun in this context?

Answer 7

Data exceeding the 64-byte buffer, overwriting memory.

Question 8

How does a weak ACL increase threat level?

Answer 8

Allows any user to set large data, triggering a buffer overrun.

Question 9

What can an attacker do with Everyone (Full Control)?

Answer 9

Set a buffer larger than 64 bytes or deny app access.

Question 10

How can an attacker deny app access?

Answer 10

Set ACL to Everyone (Deny Full Control).

Question 11

Does a good ACL eliminate secure coding needs?

Answer 11

No, secure coding is still required.

Question 12

What is the first solution to fix the code?

Answer 12

Dynamically allocate buffer based on registry key length.

Question 13

What is the problem with dynamic allocation?

Answer 13

Attackers can force large allocations, causing memory exhaustion.

Question 14

What is the second solution to fix the code?

Answer 14

Check data length and read only up to buffer’s maximum.

Question 15

What is a safer ACL configuration?

Answer 15

Admins (Full Control), Everyone (Read).

Question 16

What does Admins (Full Control) mean?

Answer 16

Only admins can modify data or ACLs.

Question 17

What does Everyone (Read) mean?

Answer 17

Non-admins can only read the registry key.

Question 18

What is WRITE_DAC in ACLs?

Answer 18

Permission to modify the ACL, included in Full Control.

Question 19

Why is the threat less severe with Admins (Full Control)?

Answer 19

Only admins can set large data or change ACLs.

Question 20

What is the risk if an attacker is an admin?

Answer 20

Can fully control the system, bypassing ACL protections.

Question 21

What is the registry in Windows?

Answer 21

A database storing system and application configuration data.

Question 22

What is HKEY_LOCAL_MACHINE?

Answer 22

A registry hive storing machine-wide settings.

Question 23

What does ZeroMemory do in the code?

Answer 23

Initializes the buffer to zero before use.

Question 24

Why is a fixed 64-byte buffer problematic?

Answer 24

Cannot handle larger registry data, risking overflow.

Question 25

What happens if an app runs out of memory?

Answer 25

PC slows drastically, impacting performance.

Question 26

Why validate registry data length?

Answer 26

Prevents buffer overruns and memory issues.

Question 27

What is the threat of a weak ACL?

Answer 27

High, as any user can exploit the registry key.

Question 28

Why is secure coding still necessary with good ACLs?

Answer 28

ACLs don’t prevent coding errors like buffer overruns.

Question 29

What is a registry key?

Answer 29

A container in the registry holding configuration values.

Question 30

Why check buffer length before reading?

Answer 30

Ensures data fits within allocated memory, avoiding overruns.