Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Bypassing Inherited Rights Filters in Novell Directory Services.
From: Bob Fiero <bfiero () MENTALFLOSS NET>
Date: Sun, 10 Sep 2000 13:10:23 -0400

At 07:24 PM 9/7/2000 -0700, you wrote:
Here's an example. An administrator, .BOB.ACME, has Supervisor [S] rights to
the .ACME container. There is a container, .SECRET.ACME, which BOB should not
have any access to.

If you understood NDS sufficiently, you wouldn't give Bob [S] rights to a
container where you need to keep him from objects under that container.
Regardless of what you do, Bob has [S] rights that you granted him, and
those rights can be applied...as in giving himself or any other user access
to objects within that container. How is that a bug?

Not that I know NDS inside and out or anything...but give [W] Write rights
(or any other rights), you can take them away further down the tree...Give
[S] rights, that gives a user the ability to change rights on objects
within that container. I don't see this as a bug, but perhaps as a
mis-understanding of how NDS works.

---

The single most effective thing you can do to protect yourself on the
Internet...Never use Microsoft products or protocols.

Increase your Win98 system speed, stability, and security. Remove IE.
http://www.98lite.net


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault