Re: Privilege escalation attack
From: Mike Coppins (email@example.com)
Date: Mon, 28 Oct 2002 17:16:26 +0000
To: firstname.lastname@example.org
From: Mike Coppins <email@example.com>
At 28/10/2002 15:07, Eric Howard wrote:
>This is probably not news for many, but I thought I would throw it out for
>discussion. Microsoft, in my opinion, has committed a grave mistake in
>the NTFS permission scheme for the WINNT directory. ANY user may create
>files in this directory, even AFTER the C2 security rollups are applied.
Yep, this isn't the wisest set of permissions on that directory structure
(I know that there are a number of subdirectories with tightened permissions).
give a reasonably better level of security, while giving practical use of
the system for users locally logging in (it would also work for a basic
webserver config, but more ACL tightening is STRONGLY recommended),
although there are directories such as Temp which should be more relaxed
(say Everyone: Full), and some directories which should be tightened
further, such as system32\dllcache and winnt\servicepackfiles (don't allow
these dirs to inherit privs from parent, remove Everyone group).
NB for anyone thinking about trying this out:
This is a fairly basic tightening of security, should be tested heavily
before use, etc, etc. Don't blame me if you rolled it out on a live system
and your life is now falling apart around you. That would be your own
stupid fault for not testing it properly :)
--
Mike Coppins firstname.lastname@example.org
http://www.legolas.com/ http://www.copsys.co.uk/
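
An added example, not part of the original message: a read-only PowerShell audit of the directories named above, reporting whether broad groups hold write rights and whether the two "tight" directories still inherit from their parent. It assumes `$env:SystemRoot` is the WINNT directory and treats Everyone and BUILTIN\Users as the broad principals (a choice made for this example).

```powershell
# Added example: read-only ACL audit of the directories named in the message.
# Assumption: $env:SystemRoot is the WINNT directory under discussion.
$root = $env:SystemRoot

# Well-known SIDs: Everyone and BUILTIN\Users (the example's choice of "broad").
$everyoneSid = 'S-1-1-0'
$broadSids   = $everyoneSid, 'S-1-5-32-545'

# WriteData/CreateFiles (0x2), AppendData/CreateDirectories (0x4),
# plus GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000).
$writeMask = 0x2 -bor 0x4 -bor 0x40000000 -bor 0x10000000

# Expect: 'base' = the WINNT directory itself, 'relaxed' = Temp,
# 'tight' = no inheritance and no Everyone ACE, as the message suggests.
$targets = @(
    @{ Path = $root;                               Expect = 'base' }
    @{ Path = Join-Path $root 'Temp';              Expect = 'relaxed' }
    @{ Path = Join-Path $root 'system32\dllcache'; Expect = 'tight' }
    @{ Path = Join-Path $root 'ServicePackFiles';  Expect = 'tight' }
)

$report = foreach ($t in $targets) {
    if (-not (Test-Path -LiteralPath $t.Path)) { continue }

    $acl   = Get-Acl -LiteralPath $t.Path
    # Ask for SIDs rather than account names so localized names do not matter.
    $rules = $acl.GetAccessRules($true, $true,
                 [System.Security.Principal.SecurityIdentifier])
    $allow = @($rules | Where-Object { $_.AccessControlType -eq 'Allow' })

    $broadWrite = @($allow | Where-Object {
        $_.IdentityReference.Value -in $broadSids -and
        ([int]$_.FileSystemRights -band $writeMask) })
    $everyone   = @($allow | Where-Object {
        $_.IdentityReference.Value -eq $everyoneSid })
    $inherits   = -not $acl.AreAccessRulesProtected

    $finding = switch ($t.Expect) {
        'base'    { $broadWrite.Count -gt 0 }
        'relaxed' { $false }   # Temp is meant to be writable
        'tight'   { $inherits -or $everyone.Count -gt 0 }
    }
    [pscustomobject]@{
        Path = $t.Path; Expect = $t.Expect; Inherits = $inherits
        BroadWriteAces = $broadWrite.Count; EveryoneAces = $everyone.Count
        Finding = $finding
    }
}
$report | Format-Table -AutoSize
```

Run it from an elevated prompt so the protected subdirectories can be read; it changes nothing on disk.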