RE: Bypass Traverse Checking?

From: Laura A. Robinson (larobins@bellatlantic.net)
Date: 01/28/03

Next message: Sarbjit Singh Gill: "IIS 5.0 and Digest Authentication"

Previous message: Rickards, Trevor ERM: "RE: Win2k log management"
In reply to: matthew patton: "RE: Bypass Traverse Checking?"
Next in thread: dave: "RE: Bypass Traverse Checking?"
Reply: dave: "RE: Bypass Traverse Checking?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Laura A. Robinson" <larobins@bellatlantic.net>
To: "'matthew patton'" <pattonme@yahoo.com>, <focus-ms@securityfocus.com>
Date: Mon, 27 Jan 2003 18:54:53 -0500

Not a good idea as a rule of thumb. Giving _nobody_ this right will cause
problems. For example:

http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B290647
If you want Group Policy to work, this is a big one.

And this, again GP related:
http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B319808

http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B272142
This is pretty significant if you use terminal services.

http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B324333
This one affects IIS.

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechn
ol/windowsnetserver/proddocs/datacenter/cluad_pr_59.asp
Clusters.

http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B243813

So, while you may remove the right for some, removing it across the board
may not be wise.

Laura

> -----Original Message-----
> From: matthew patton [mailto:pattonme@yahoo.com]
> Sent: Friday, January 24, 2003 11:01 AM
> To: focus-ms@securityfocus.com
> Subject: RE: Bypass Traverse Checking?
>
>
> Sorry I'm late in on the conversation. "Bypass Traverse
> checking" as a matter of course needs to be unset for
> everybody (ie. nobody is allowed to do it) if you really care
> about file system security. IMO.
>
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com

Next message: Sarbjit Singh Gill: "IIS 5.0 and Digest Authentication"
Previous message: Rickards, Trevor ERM: "RE: Win2k log management"
In reply to: matthew patton: "RE: Bypass Traverse Checking?"
Next in thread: dave: "RE: Bypass Traverse Checking?"
Reply: dave: "RE: Bypass Traverse Checking?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

RE: Bypass Traverse Checking?
... assigning the user the right to bypass traverse checking. ... Subject: Bypass Traverse Checking? ... Giving _nobody_ this right will cause ... > Do you Yahoo!? ...
(Focus-Microsoft)
Re: [Full-Disclosure] (no subject)
... find your site worthy? ... New and Improved Yahoo! ... Charter: http://lists.netsys.com/full-disclosure-charter.html ...
(Full-Disclosure)
Re: Microsoft jumping the shark?
... i find the whole "buy yahoo" idea laughable... ... it's like Sears buying Woolworth... ... Nobody cares... ... The Internet Age has past MS by and there is nothing they can do within ...
(comp.sys.mac.advocacy)
Re: OS use rate
... And nobody in your project uses Windows too? ... Prev by Date: ...
(freebsd-questions)
RE: Bypass Traverse Checking?
... matter of course needs to be unset for everybody (ie. nobody is allowed ... Do you Yahoo!? ...
(Focus-Microsoft)