Can an ASP.NET application punch a hole through IIS?

  • Thread starter Thread starter PSiegmann
  • Start date Start date
P

PSiegmann

Hi newsgroup.

I ask, can a buggy ASP.net app grant root access to the server? Or are
there built-in mechanisms that prevent this?

Let's say, I have a bug in my application, that under certain
situations provokes a never ending loop, the application crashes, and
the asp.net process will get recycled.. could this provoke an attack?


Short question: Is ASP.net shielded enough from IIS, so that any
failures in .net applications, don't affect the security of IIS?
 
Hi newsgroup.

I ask, can a buggy ASP.net app grant root access to the server? Or are
there built-in mechanisms that prevent this?

Let's say, I have a bug in my application, that under certain
situations provokes a never ending loop, the application crashes, and
the asp.net process will get recycled.. could this provoke an attack?

Short question: Is ASP.net shielded enough from IIS, so that any
failures in .net applications, don't affect the security of IIS?
Click to expand...

ASP.NET handles it's errors internally, and to a degree it may protect
IIS, but ASP.NET generally runs as "ASPNET" with sufficient privledge
to grant very damaging access if it's abused. It also doesn't
neccessarily realize what is and isn't an attack, so something could
be passed through ASP.NET without harm and still break IIS.

It's not a massive security hole (ok, maybe it is, but so is
everything else), but it's something to be aware of.
 
Hi newsgroup.

I ask, can a buggy ASP.net app grant root access to the server? Or are
there built-in mechanisms that prevent this?
Click to expand...

That depends entirely on what security context you are running ASP.NET
application in.

By default, on Windows Server 2003, ASP.NET runs as Network Service, which
is a relatively low privilege account. If you change this to something else
(e.g. "LocalSystem") then obviously ASP.NET is now effectively running as
"root", and if an attacker can manipulate your application, they may be able
to get full privileges over your system.

Let's say, I have a bug in my application, that under certain
situations provokes a never ending loop, the application crashes, and
the asp.net process will get recycled.. could this provoke an attack?
Click to expand...

Well, it would cause, potentially, a denial of service attack (since a never
ending loop generally causes 100% CPU). But you can mitigate this by
configuring IIS to allow a web application pool only a certain % of CPU.
Short question: Is ASP.net shielded enough from IIS, so that any
failures in .net applications, don't affect the security of IIS?
Click to expand...

This is a question that can not be answered without more information. There
is no such thing as the perfectly secure application - only applications
that are more secue than others. It all depends on your configuration, and
what the application is doing.

Cheers
Ken
 
Hi newsgroup.

I ask, can a buggy ASP.net app grant root access to the server? Or are
there built-in mechanisms that prevent this?

Let's say, I have a bug in my application, that under certain
situations provokes a never ending loop, the application crashes, and
the asp.net process will get recycled.. could this provoke an attack?

Short question: Is ASP.net shielded enough from IIS, so that any
failures in .net applications, don't affect the security of IIS?
Click to expand...



No. No general application development platform is shielded enough
such that vulnerabilities within it do not affect the security of the
underlying system. You will quickly find that platforms where you are
securely shielded by default to be very non-functional.

There is no short-cut to security. You cannot "sprinkle" security onto
a system, you cannot run in a "safe mode sand box" and say it's all
safe; it literally has to be built into the system by a developer
aware of security and its implications.

For example, reading and writing certain files can be dangerous, so
"safe mode" and sandboxes may deny those operations or limit the
resources that can be read/write, but suppose you are writing a media
streaming application or file upload application... you will quickly
find those restrictions cumbersome.

It is always a balance between Security and Functionality, and the
developer has to determine the correct balance. There is no automatic
way.

You literally have to think "suppose I need to allow file uploads...
maybe I should only ACL certain folder structures on the hard drive to
allow the user identity running the upload application to have write
access, and not make that directory otherwise visible/available by any
other service.

Let's say, I have a bug in my application, that under certain
situations provokes a never ending loop, the application crashes, and
the asp.net process will get recycled.. could this provoke an attack?
Click to expand...

That is a Denial of Service (DoS) attack. It is a form of security
attack. Likewise, granting root access is an elevation of privilege,
another form of security attack. There are many other categories of
security attacks, and ideally, your application needs to enumerate and
address all of them.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//
 
Back
Top