Bugtraq mailing list archives

Re: Bypassing Inherited Rights Filters in Novell Directory Services.
From: Bob Fiero <bfiero () MENTALFLOSS NET>
Date: Sun, 10 Sep 2000 13:10:23 -0400

At 07:24 PM 9/7/2000 -0700, you wrote:
> Here's an example. An administrator, .BOB.ACME, has Supervisor [S] rights to
> the .ACME container. There is a container, .SECRET.ACME, which BOB should not
> have any access to.

If you understood NDS sufficiently, you wouldn't give Bob [S] rights to a
container where you need to keep him from objects under that container.
Regardless of what you do, Bob has [S] rights that you granted him, and
those rights can be applied...as in giving himself or any other user access
to objects within that container. How is that a bug?

Not that I know NDS inside and out or anything...but give [W] Write rights
(or any other rights), you can take them away further down the tree...Give
[S] rights, that gives a user the ability to change rights on objects
within that container. I don't see this as a bug, but perhaps as a
misunderstanding of how NDS works.


The single most effective thing you can do to protect yourself on the
Internet...Never use Microsoft products or protocols.

Increase your Win98 system speed, stability, and security. Remove IE.
