Home page logo
/

basics logo Security Basics mailing list archives

RE: permission
From: "David Gillett" <gillettdavid () fhda edu>
Date: Fri, 7 Feb 2003 17:28:38 -0800

The program suppose to check to make sure that the drive has 
enough space before it starts writing or copying things and 
for that it needs read access to the C drive.

  It's going to need more than read access to do the "writing
or copying".  i.e., Something here is not kosher.

David Gillett


-----Original Message-----
From: Kenzo [mailto:kenzo_chin () hotmail com]
Sent: February 7, 2003 11:47
To: security-basics () securityfocus com
Subject: permission


OK, I need some input from you guys on this.
Our webmaster seems to think that giving the guest internet 
user read access
to the C drive is OK as long as you don't set IIS to list 
content and other
stuff that I don't understand, since I don't know anything 
about running a
website.
I told him that by doing so, most subfolders will also take 
that permission,
so if someone that knows what they're doing could compromise 
that account,
they would have read access to almost the whole C drive.
the box is a win2k server with IIS5.  I believe he wants to 
do this for some
error checking for a C or java program.
The program suppose to check to make sure that the drive has 
enought space
before it starts writing or copying things and for that it 
needs read access
to the C drive.
To me, even thought I don't know anything about programing 
and webhosting,
it doesn't look right from the security point of view.

Please give me some input on this if it's OK or not and why, 
so that I can
tell him yes it's OK or NO it's not OK because of this and that.

Thanks.



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]