Bugtraq mailing list archives
Re: reporting local security problems for WinNT (Re: Escalation of privileges)
From: der Mouse <mouse () RODENTS MONTREAL QC CA>
Date: Fri, 11 Aug 2000 12:28:46 -0400
Checking permissions at install time isn't sufficient. They may change later, and never be caught. The program should verify the integrity of the system as often as possible.
...within reason. Installing a cronjob that checks every minute, for example, would be excessive.
Sendmail does a really good job of checking permissions on everything every time it does something. It may slow things down some, but it also finds problems when they happen.
Unfortunately it also finds non-problems too. I have a system on which
the directories in the path leading to the aliases files are
group-writeable, by design. (The system has all of two users, both of
whom are trusted.) Sendmail kvetches about this every time I run
newaliases - I consider it broken for it to arrogate to itself the
right to tell me how my system should be set up, or that something like
this is a problem, and if it refused to run, or if it complained more
often or more verbosely, I would fix it (or, perhaps, switch).
der Mouse
mouse () rodents montreal qc ca
7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
Current thread:
- Re: reporting local security problems for WinNT (Re: Escalation of privileges) der Mouse (Aug 11)
- Re: reporting local security problems for WinNT (Re: Escalation of privileges) H Carvey (Aug 14)
- Re: reporting local security problems (was: for WinNT) Claus Assmann (Aug 14)
