Bugtraq mailing list archives

Re: Printer Sharing and M1CR0S0FT Windows98

From: caskey () TECHNOCAGE COM (Caskey L. Dickson)
Date: Wed, 28 Oct 1998 21:30:04 -0800


On Wed, 28 Oct 1998, Neale Banks wrote:

        It seems that when you share a printer in windows 98, it'll create a
share called "PRINTER$" - which is actually your C:\Windows\System directory.
It is not password protected and you can view everything in your C:\Windows\System directory... even if your 
printer is shared with a password.


IIRC, this has been around for a long time (not that it excuses its
persistence) - the excuse, FWIW, being that the share is used to export
the printer's drivers.


This share does not share everything per se.  Rather it appears to be
somehow selective.  For example, the password lists (username.pwl) are not
shared, neither are many of the directories under there.  The
sub-directories that were shared on my system were:

  VMM32
  IOSUBSYS
  COLOR
  IE4Setup

The first two contain VXDs (virtual device drivers I believe).  The second
contains .ICM files, I don't know what they are.  While the last contains
a directory named plugins and a single DLL.  I believe we did an uninstall
of IE on this machine so perhaps it used to have the install software for
IE on it.  That would be a nice feature, automatically share your install
software for IE.

Simply placing a file in that directory named x.dll isn't sufficient to
enable it's appearance in the list.  The entry must be elsewhere, perhaps
the registry.

Easy way to make a difficult-to-detect trojan, add more files to the share
list under PRINTER$ then quitely take the files when nobody is looking.

If MS really _must_ do this, then it would it not be smarter to put the
printer drivers in a separate directory and export that?


I would tend to agree with you there.

C=)

--------------------------------------------------------------------------
    Heuer's Law: Any feature is a bug unless it can be turned off.
--------------------------------------------------------------------------
Caskey <caskey*technocage.com>       ///                pager.818.698.2306
TechnoCage Inc.                     ///|               gpg: aiiieeeeeee!!!
--------------------------------------------------------------------------
    Early bird gets the worm, but the second mouse gets the cheese.

Current thread:

Printer Sharing and M1CR0S0FT Windows98 enayd () KRYPT COM (Oct 24)
- Re: Printer Sharing and M1CR0S0FT Windows98 Neale Banks (Oct 27)
  - Re: Printer Sharing and M1CR0S0FT Windows98 Caskey L. Dickson (Oct 28)
- More about multi-stack allocator. Serge Orlov (Oct 28)
- FW: Security Bulletins Digest Patrick Oonk (Oct 28)
- Javascript bug in Netscape Communicator 4.5 Georgi Guninski (Oct 28)
  - Re: Javascript bug in Netscape Communicator 4.5 Willy TARREAU (Oct 29)
  - Re: Javascript bug in Netscape Communicator 4.5 Ryan Gray (Oct 29)
- <Possible follow-ups>
- Re: Printer Sharing and M1CR0S0FT Windows98 Paul Leach (Oct 27)