Care when using eMule as Limited User


Care when using eMule as Limited User

Post by ssj100 on 17/4/2010, 03:38

I only recently discovered this with AccessEnum, although this behaviour should have been obvious:

With eMule installed in default configuration, Limited Users can write to C:\Program Files\eMule\Incoming and C:\Program Files\eMule\Temp. This arguably defeats (to an extent) the purpose of the LUA, and certainly defeats the purpose of LUA + SRP.

Remember that with LUA, nothing can write to C:\Program Files and C:\Windows. With SRP (by default), nothing can execute except files from C:\Program Files and C:\Windows. This means newly introduced files on your system can't execute in your limited account, thus preventing drive-by malware. And if the malware tried to write to C:\Program Files and C:\Windows (where it would be allowed to execute), it would be denied, since you are running in a LUA.

This concept is actually very simple, but appears to be complicated. Once you get your head around it, you'll realise that it's very sound logic.

And this is where eMule becomes dangerous - it allows you to write to C:\Program Files\eMule\Incoming and C:\Program Files\eMule\Temp even as a limited user! This potentially means that malware can write to those folders and if so, they would be allowed to execute (since everything under C:\Program Files can execute).

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
ssj100
Administrator

Posts : 1389
Join date : 2010-04-14
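
A scripted version of the AccessEnum check described in the post above, added here as an example and not part of the original thread: it walks the two trees the default SRP rules trust and reports every directory on which a limited-user group holds a write-capable allow ACE. The function name `Get-UserWritableDirectory` and the SID list are choices made for this example; deny ACEs and per-user ACEs are not evaluated, so treat the output as a list of candidates to review.

```powershell
# Added example: find directories under SRP-trusted paths that limited users can write to.
# Trees the default SRP rules allow to execute (as described in the post).
$TrustedRoots = @($env:ProgramFiles, $env:windir)

# Well-known SIDs of groups that every limited user's token carries.
$LimitedSids = @(
    'S-1-1-0',       # Everyone
    'S-1-5-11',      # Authenticated Users
    'S-1-5-4',       # INTERACTIVE
    'S-1-5-32-545'   # BUILTIN\Users
)

# Bits that allow dropping or altering a file:
# WriteData/CreateFiles (0x2), AppendData/CreateDirectories (0x4),
# GENERIC_WRITE (0x40000000), GENERIC_ALL (0x10000000).
# Modify, Write and FullControl all contain 0x2 and 0x4.
$WriteBits = 0x2 -bor 0x4 -bor 0x40000000 -bor 0x10000000

function Get-UserWritableDirectory {
    param([Parameter(Mandatory)][string[]]$Root)

    $sidType     = [System.Security.Principal.SecurityIdentifier]
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

    Get-ChildItem -LiteralPath $Root -Directory -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $dir = $_.FullName
        # Directories the current account cannot read the ACL of are skipped.
        try { $acl = Get-Acl -LiteralPath $dir -ErrorAction Stop } catch { return }

        # Ask for rules keyed by SID so the match does not depend on localized group names.
        foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
            if ($rule.AccessControlType -ne 'Allow')                  { continue }
            if ($rule.PropagationFlags -band $inheritOnly)            { continue } # applies to children only
            if ($LimitedSids -notcontains $rule.IdentityReference.Value) { continue }
            if (([int]$rule.FileSystemRights -band $WriteBits) -eq 0) { continue }

            [pscustomobject]@{
                Path      = $dir
                Sid       = $rule.IdentityReference.Value
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

Get-UserWritableDirectory -Root $TrustedRoots |
    Sort-Object Path, Sid -Unique |
    Format-Table -AutoSize
```

Each path reported is a place where a limited user can create a file that the default SRP path rules would then allow to run. Rows with `Inherited` set to `False` point at ACEs set explicitly on that directory, which is where an installer- or application-made change would show up.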


Re: Care when using eMule as Limited User

Post by Ruhe on 23/4/2010, 01:08

Do you know if the allowed write access is configured by the eMule setup or by eMule itself?
Ruhe
Valued Member

Posts : 261
Join date : 2010-04-16
Location : Germany


Re: Care when using eMule as Limited User

Post by ssj100 on 23/4/2010, 08:41

Not sure what difference that would make?

Regardless, from memory, I know the default eMule setup allows even limited users to write to C:\Program Files etc (as described above).

If you don't use the default setup (which places incoming files in C:\Program Files\eMule\Incoming and C:\Program Files\eMule\Temp) and configure incoming files to be placed elsewhere, then things start not working well in your LUA when you try to open eMule - you get error messages about files unable to be placed etc. I didn't investigate this further, so it's possible there could be a workaround.

Anyway, I don't use eMule anymore, so it's not really my concern. Will be interesting to see what you find though, if you're keen to experiment more.
