Security Basics mailing list archives
RE: permission
From: "David Gillett" <gillettdavid () fhda edu>
Date: Fri, 7 Feb 2003 17:28:38 -0800
The program suppose to check to make sure that the drive has enough space before it starts writing or copying things and for that it needs read access to the C drive.
It's going to need more than read access to do the "writing or copying". i.e., Something here is not kosher. David Gillett
-----Original Message----- From: Kenzo [mailto:kenzo_chin () hotmail com] Sent: February 7, 2003 11:47 To: security-basics () securityfocus com Subject: permission OK, I need some input from you guys on this. Our webmaster seems to think that giving the guest internet user read access to the C drive is OK as long as you don't set IIS to list content and other stuff that I don't understand, since I don't know anything about running a website. I told him that by doing so, most subfolders will also take that permission, so if someone that knows what they're doing could compromise that account, they would have read access to almost the whole C drive. the box is a win2k server with IIS5. I believe he wants to do this for some error checking for a C or java program. The program suppose to check to make sure that the drive has enought space before it starts writing or copying things and for that it needs read access to the C drive. To me, even thought I don't know anything about programing and webhosting, it doesn't look right from the security point of view. Please give me some input on this if it's OK or not and why, so that I can tell him yes it's OK or NO it's not OK because of this and that. Thanks.
Current thread:
- permission Kenzo (Feb 07)
- RE: permission * KAPIL * (Feb 10)
- Re: permission Kenzo (Feb 10)
- RE: permission Bill Lavalette (Feb 10)
- RE: permission David Gillett (Feb 10)
- RE: permission Curt Rozeboom (Feb 10)
- <Possible follow-ups>
- RE: permission Phillips, Mike (Feb 10)
- RE: permission * KAPIL * (Feb 10)