Security Basics mailing list archives
RE: preventing run-as option
From: "Buozis, Martynas" <martynas () ti com>
Date: Wed, 11 Oct 2006 08:48:51 +0200
I guess this can be also achieved by restricting program execution not by path or file name, but also by hashing executable and restring to execute software that satisfies hash in policy. Above is also not 100% solution, but my help to reduce occurrences from launching program from USB stick or different path/name. With best regards Martynas -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of MaddHatter Sent: Tuesday, October 10, 2006 11:22 PM To: security-basics () securityfocus com Subject: Re: preventing run-as option "Dubber, Drew B" <drew.dubber () eds com> said (on 2006/10/09):
From: "Dubber, Drew B" <drew.dubber () eds com> Subject: RE: preventing run-as option ... Also set an ACL on the RUNAS.EXE command to allow admins/system only if
you really don't want people to use it :)
As a general rule, this is an ineffective way to limit access. Users can (and will) simply copy the file elsewhere and run it from there. Or if you prevent read access, they'll copy it from another computer and copy/run it from their USB stick. I can't resist mentioning that if users are sharing passwords, having runas (or not) is the least of your concerns. You've lost all ability to enforce policies or prosecute someone who does something bad. Users can claim, "Even though it was my user account that emailed the company's trade secrets to our competitors [or whatever], it wasn't actually _me_." Your company just lost a lot of money and has nobody to blame but the IT staff who allowed users to get away with sharing passwords. ------------------------------------------------------------------------ --- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ------------------------------------------------------------------------ --- --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- preventing run-as option vijay shetti (Oct 06)
- Re: preventing run-as option Hylton Conacher(ZR1HPC) (Oct 10)
- RE: preventing run-as option Murda Mcloud (Oct 10)
- RE: preventing run-as option Dubber, Drew B (Oct 10)
- Re: preventing run-as option MaddHatter (Oct 10)
- Re: preventing run-as option MPope (Oct 11)
- RE: preventing run-as option Buozis, Martynas (Oct 11)
- Re: preventing run-as option MaddHatter (Oct 10)
- RE: preventing run-as option Dixon, Wayne (Oct 10)
- Re: preventing run-as option Clinton E. Troutman (Oct 10)
- <Possible follow-ups>
- RE: preventing run-as option Scott Ramsdell (Oct 10)
- RE: preventing run-as option Lariviere, Stephen (Oct 10)
- RE: preventing run-as option Lariviere, Stephen (Oct 10)
- Re: preventing run-as option Clinton E. Troutman (Oct 11)
- Re: preventing run-as option Ansgar -59cobalt- Wiechers (Oct 11)
- RE: preventing run-as option Murda Mcloud (Oct 12)
- Re: preventing run-as option nikhil (Oct 11)
- RE: preventing run-as option Lariviere, Stephen (Oct 13)
(Thread continues...)