Penetration Testing
mailing list archives
IWAM: Writing temp files to \winnt\temp
From: Joey Peloquin <joeyp () voteprivacy com>
Date: Tue, 03 Aug 2004 07:04:21 -0500
Greetings,
I'm a security analyst with a large retail company.
Our web application developers are writing a web service, which is called by
COM. It is written in dotnet, and they are impersonating IWAM.
Since IWAM is making the call, temporary files are written to \winnt\temp,
the value of the system %temp% and %tmp% variables. I've complained that I
don't like the idea of granting write to an anonymous account on
\winnt\temp, but have been unable to locate any specific information on the
risk of doing so.
Since the ASPNET account already has write to the directory (this is
apparently done when the framework is installed?), and I cannot find any
instances of other security practitioners having a problem with it, I am
losing this fight. To compound matters, all of the references I've found to
\winnt\temp and serialization have led to posts decreeing the resolution of
permission woes by granting 'write' on \winnt\temp for IWAM.
From a pen-test perspective, what is the actual level of risk associated
with the developer's request? Do you know of any papers or other
information that accurately discusses the risk, if any, of allowing IWAM to
write to \winnt\temp?
Changing the value of the system %temp% and %tmp% variables is not possible.
Thanks for any insight.
Joey