RE: WINNT security priviledge escalation attack
From: Corey Snow (Corey.Snow@us.logical.com)Date: 10/30/02
- Previous message: Mohsen Hariri: "The death of shatter attacks?"
- Maybe in reply to: Paul Knibbs: "WINNT security priviledge escalation attack"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 30 Oct 2002 11:18:17 -0600 From: "Corey Snow" <Corey.Snow@us.logical.com> To: <focus-ms@securityfocus.com>
> -----Original Message-----
> From: Jason Lopes [mailto:Jason@rga.com]
> Sent: Tuesday, October 29, 2002 8:59 AM
> To: focus-ms@securityfocus.com
> Subject: RE: WINNT security priviledge escalation attack
>
>
> I believe that if you format the drive during OS installation
> the default
> is:
>
> Quote --
> WINNT is writeable by Power Users and
> Administrators, while normal users have only read and execute
> access. Similarly, on a Win2K server I just checked out,
> Server Operators and Administrators have write access, but
> again normal users can only read and execute.
> End Quote --
>
> but if you install the OS as a fat partition and convert it I
> believe Everyone gets full control across the board.
>
Installing Win2K or WinNT on a FAT partition is just a Bad Idea(tm) if
you want your system to be secure. This isn't the only issue that
converting from FAT or having FAT partitions on your system creates.
Bottom line is for a secure Windows server or workstation, FAT is right
out. The operating system can't protect resources properly on a FAT
partition.
Regards,
Corey Snow
- Previous message: Mohsen Hariri: "The death of shatter attacks?"
- Maybe in reply to: Paul Knibbs: "WINNT security priviledge escalation attack"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
