Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo

Close

#38 Loop Hole to Start Other Apps from allowed third-party apps

v1.0 (example)
closed
nobody
None
5
2015-01-26
2014-05-21
Semmy
No

Related Ticket: #31 Loop Hole to Start Other Apps

Summary
SEB 2.0RC6 on Windows 7
Third-party application access and/or Kiosk mode
Access to Windows Explorer shell

Synopsis:
We identified a loophole in SEB2.0RC6 when SEB allow granting optional access to third-party application to tester if the testee allow such.
What then happen is that, in the third-party application (let’s say Notepad), should the tester click on Open File or save As, whilst in the Open File dialog box, with the right skill, the tester has access to the Windows explorer shell and hence able to open any application of choice such as Chrome and viola has access to sites such as Google et al.
Such 'with the right skill is actually elementary such as 1. typing . in the filename box, which causes the list of files panes to show all files or 2. clicking inside the list of file names pane and pressing Ctrl+N to open a Windows explorer shell.

This does not affect SEB materially as student will primarily be taking eAssessment online on a webpage. There will be no access to File Open Dialog windows. Most LMS like Moodle does not provide an option for student/tester to upload a file for a "Quiz". However, this is not the case for a "Submission".
Secondly, SEB has provision for prohibiting undesired application(s) on its block list (Mitigating control). It is also noted that URL filtering (. et al) and url filter is planned for SEB2.0

A Required control is to enable a config selection (click) that will explicitly block all application except for white-list third-party application. Much like a 'need-to-know' control concept.

Discussion

  • Pascal Wyss
    Pascal Wyss
    2014-05-21

    Hi

    If you use the kiosk mode "Disable Explorer Shell" it should not be possible to interact with applications that are not listed in permitted processes.
    On the technical side the following happens when you start SEB:

    - All Windows are minimized on startup
    - A ForegroundWatchDog checks every window that wants to come into foreground if it belongs to a permitted process. If not it will be hidden immediately
    - For explicitly prohibited applications, those that are not even allowed to run in background, the ProcessWatchDog kills all applications that are prohibited right on startup.
    

    In RC6 this behaviour is implemented and should work as expected.
    You will always have access to the file system and will be able to open any file with the allowed applications though. If you want to be more restrictive you should use the Virtual-Machine approach, where you use seb to start a view client and the VM then has rescricted file system access.

     
  • Semmy
    Semmy
    2014-05-21

    Agree: In RC6 this behaviour is implemented and should work as expected.

    The loophole: You will always have access to the file system and will be able to open any file with the allowed applications though.

    There has to be a balance between the desired (access to file system) and undesired (execute other application(s))

    Possible: spawn a (controlled) VM as stated @Pascal Wyss (we are restricted by university ICT policy at the moment) or a secondary/mitigating control (option in SEB to explicitly block all application except for white-list third-party application. Much like a 'need-to-know' control concept).

     
    • status: open --> closed
     
  • This problem is solved in SEB 2.0.2, as long as you're using the Kiosk mode "Disable Explorer Shell" (see Config Tool -> Security tab). SEB hides all non-permitted applications.

    Local file system access as soon as a file dialog is displayed cannot be blocked in Windows (you can only hide drives, but when entering the path manually, you can access all drives and directories). You can verify that with various parental control software.

    You have to use a controlled virtual machine for running third party applications which present file open dialogues.

    SEB 2.1 will allow to switch on/off this permitted process monitoring in both Kiosk modes.