mailing list archives
Re: Microsoft Windows Vista/2003/XP/2000 file management security issues
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Fri, 9 Mar 2007 23:48:05 +0300
Dear Michele Cicciotti,
--Friday, March 9, 2007, 9:00:05 PM, you wrote to full-disclosure () lists grok org uk:
Bob wishes to create "Bob private data" folder in "Public" folder to
place few private files. "Public" has at least "Write" permissions for
"User" group. Bob:
MC> This is, of course, wrong. You muddy the issue with the "Write
MC> permissions for User group" red herring and we are all supposed to
MC> oooh and aaah at your sleigh-of-hand trickery. Of course, a proper
MC> public repository for private folders should have saner settings
MC> than that, to begin with.
First, Bob's private data was just an example. A problem itself belongs
to any case where data with more restrictive permissions is created in a
folder with less restrictive permissions. And despite Mr. Grimes says,
this is quite common case under Windows and can be found in almost any
real corporate directory structure. If you ever removed "Inherit from
parent" checkbox in advanced security settings - you most probably were
vulnerable to attack. Show me administrator who never did.
Second, "Preopen file attack" and everything below will work with
saner "Add and read permission for User group". Any usage of "Creator
owner" group is a case where this can be exploited.
Ибо факты есть факты, и изложены они лишь для того, чтобы их поняли и в них поверили. (Твен)
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/