Integrity levels are assigned within Vista to processes (subjects) and objects and an integrity policy restricts access granted by the Discretionary Access Control (DAC) security model. We start to work with integrity levels within windows!
• • • •
In reality this can have the consequence that software with a low(er) integrity level can’t make changes to software of processes with a higher integrity level.
And here comes the trick: Internet Explorer 7 standard works in a low integrity level context.
So how does this work? Integrity levels are defined by Security IDs (common known as SIDs). The RID defines the actual integrity level. The integrity levels themselves are sometimes called "Windows Integrity Levels" or "Mandatory Integrity Levels." Right now the following primary integrity levels exists:
Integrity level policies are associated with generic access rights and default the following rules exists: • No-Write-Up which means that a lower Integrity Level process cannot modify a higher Integrity Level object • No-Read-Up which means that a lower Integrity Level process having generic read possibilities • No-Execute-Up which means that a lower Integrity Level process generic execute access
www.insecuremag.com
Low S-1-16-4096 (0x1000) Medium S-1-16-8192 (0x2000) High S-1-16-12288 (0x3000) System S-1-16-16384 (0x4000)
IE7 and integrity levels
The user however is working in a medium integrity level context. If you would download a piece of code or software from the internet there is a rule that is saying: no-write-up. The lower integrity level can’t access or misuse the process running in a higher integrity level context (for example a process running in the context of the user).
As stated before: the default policy is “nowrite-up”. Security tokens in every process can be assigned an integrity level and administrators can change those levels between “untrusted” and “high”. Administrators can't set integrity levels higher than "high" because administrators itself run in the integrity context of "high" and no one can ever elevate (even administrators can’t) an object's integrity level higher than their own level. You can see a process’ integrity level by typing the command: Whoami /all. There are also tools in the market like that of Mark Russinovich (Microsoft Sysinternals). For more information visit tinyurl.com/y8jsyn. 19