Re: NTFS inherited permissions bug on W2K
From: Peter Larsen (plarsen@MUYIOVATKI.DK)Date: 10/11/01
- Previous message: Arne Vidstrom: "Vulnerabilities in Ipswitch IMail Server 7.04"
- In reply to: Y. W. Ko: "Re: NTFS inherited permissions bug on W2K"
- Next in thread: Tony Thai: "Re: NTFS inherited permissions bug on W2K"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <004501c15273$01b46200$de5a3e50@opasia.dk> Date: Thu, 11 Oct 2001 17:36:50 +0100 From: Peter Larsen <plarsen@MUYIOVATKI.DK> Subject: Re: NTFS inherited permissions bug on W2K To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
: Let me take another stab at this one :) - when I used
: to write NT security tools a few years back, I had a
: lot of fun playing with NT ACL's, including programmatically.
This issue can be dealt with tersely. It is well described by now how things
work. The difference between a move on the same partition and a move between
partions is no longer acceptable, simply because it is not longer obvious
what kind of a move that takes place. Consequently consistent inheritance
needs to be applied. There might be a file system overhead in so doing and
it needs to be considered whether it is acceptable that a files ACL only
said "look at the directory". With true inheritance a file might not need to
have an ACL, but that could be very worrisome in case of a file system
malfunction.
Kind regards
Peter Larsen
*************************************************************
* This posting handcrafted by Peter Larsen, MCSE *
* My site is at: http://www.muyiovatki.dk *
*************************************************************
============================================================================
Delivery co-sponsored by Trend Micro, Inc.
============================================================================
BEST-OF-BREED ANTIVIRUS SOLUTION FOR MICROSOFT EXCHANGE 2000
Earn 5% rebate on licenses purchased for Trend Micro ScanMail for
Microsoft Exchange 2000 between October 1 and November 16. ScanMail
ensures 100% scanning of inbound and outbound traffic and provides
remote software management. For program details or to download your
30-day FREE evaluation copy:
http://www.antivirus.com/banners/tracking.asp?si=53&BI;=245&UL;=http://www.ant
ivirus.com/smex2000_rebate
- Previous message: Arne Vidstrom: "Vulnerabilities in Ipswitch IMail Server 7.04"
- In reply to: Y. W. Ko: "Re: NTFS inherited permissions bug on W2K"
- Next in thread: Tony Thai: "Re: NTFS inherited permissions bug on W2K"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
