RE: IWAM: Writing temp files to \winnt\temp
From: Dinis Cruz (dinis_at_ddplus.net)
To: <firstname.lastname@example.org>, <email@example.com>
Date: Tue, 3 Aug 2004 17:47:32 +0100
It is refreshing to hear somebody worrying about those issues (btw what is
being written to the c:\winnt\temp folder?).
Unfortunately that is the least of your problems.
Download the tools that I have developed for OWASP (i.e. ANSA and SAM'SHE)
and see how many vulnerabilities your system has (I'm assuming that you are
running your code with Full Trust):
Regarding ACL issues, the worst ones are:
- the fact that (by default) all IWAM accounts have Full Access to the
"Temporary Asp.Net Folder" and
- the fact that (by default) all IWAM accounts have Read Access to the
Let me know what you think of these OWASP tools.
.Net Security Consultant
> -----Original Message-----
> From: Joey Peloquin [mailto:firstname.lastname@example.org]
> Sent: 03 August 2004 12:04
> To: email@example.com
> Subject: IWAM: Writing temp files to \winnt\temp
> I'm a security analyst with a large retail company.
> Our web application developers are writing a web service, which is called
> COM. It is written in dotnet, and they are impersonating IWAM.
> Since IWAM is making the call, temporary files are written to \winnt\temp,
> the value of the system %temp% and %tmp% variables. I've complained that I
> don't like the idea of granting write to an anonymous account on
> \winnt\temp, but have been unable to locate any specific information on the
> risk of doing so.
> Since the ASPNET account already has write to the directory (this is
> apparently done when the framework is installed?), and I cannot find any
> instances of other security practitioners having a problem with it, I am
> losing this fight. To compound matters, all of the references I've found on
> \winnt\temp and serialization have led to posts decreeing the resolution of
> permission woes by granting 'write' on \winnt\temp for IWAM.
> From a pen-test perspective, what is the actual level of risk
> with the developer's request? Do you know of any papers or other
> information that accurately discusses the risk, if any, of allowing IWAM
> write to \winnt\temp?
> Changing the value of the system %temp% and %tmp% variables is not
> Thanks for any insight.
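The thread's concern is which low-privilege accounts (IWAM_*, ASPNET, Users, Everyone) hold write-capable rights on \winnt\temp and on the "Temporary ASP.NET Files" folder. The following PowerShell audit is an added example, not something from this thread or from the OWASP ANSA/SAM'SHE tools; it assumes a default install where the system temp folder is %SystemRoot%\Temp and the Temporary ASP.NET Files folders sit under %SystemRoot%\Microsoft.NET, and it requires PowerShell 3 or later for the -Directory switch. It enumerates the Allow ACEs on each folder and reports every principal whose rights include the create-file or create-directory bits, which also catches composite rights such as Modify and FullControl.

```powershell
# Added audit example (not from the original thread): list which accounts can
# create or modify files in the system temp folder and in the Temporary
# ASP.NET Files folders. Paths are assumptions about a default install.

# CreateFiles (2) and CreateDirectories (4) are the bits that let an account
# drop or alter files; Write, Modify and FullControl all include them.
$writeBits = [int][System.Security.AccessControl.FileSystemRights]::CreateFiles -bor `
             [int][System.Security.AccessControl.FileSystemRights]::CreateDirectories

function Get-WriteCapableAces {
    param([Parameter(Mandatory)][string]$Path)

    $acl = Get-Acl -Path $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Cast to [int] so inherited generic-right ACEs (stored as negative
        # values) are masked correctly as well.
        if (([int]$ace.FileSystemRights -band $writeBits) -ne 0) {
            [pscustomobject]@{
                Path      = $Path
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Assumed locations: the system temp folder plus every "Temporary ASP.NET Files"
# folder under the installed Framework versions.
$targets = @("$env:SystemRoot\Temp")
$targets += Get-ChildItem -Path "$env:SystemRoot\Microsoft.NET" -Directory -Recurse `
                -Filter 'Temporary ASP.NET Files' -ErrorAction SilentlyContinue |
            ForEach-Object { $_.FullName }

$results = foreach ($t in $targets) {
    if (Test-Path -Path $t) { Get-WriteCapableAces -Path $t }
}

# Surface the accounts the thread is worried about: the anonymous/out-of-process
# IIS identities and the broad built-in groups.
$results |
    Where-Object { $_.Identity -match 'IWAM_|ASPNET|\\Users$|Everyone|Authenticated Users' } |
    Sort-Object Path, Identity |
    Format-Table -AutoSize
```

Run it from an elevated prompt on the web server; an empty result set for the IWAM and ASPNET identities means those accounts can no longer create files in the audited folders, while any row marked Inherited=True points at a parent folder whose ACL is the real source of the grant.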