Bugtraq mailing list archives
Re: Printer Sharing and M1CR0S0FT Windows98
From: caskey () TECHNOCAGE COM (Caskey L. Dickson)
Date: Wed, 28 Oct 1998 21:30:04 -0800
On Wed, 28 Oct 1998, Neale Banks wrote:
It seems that when you share a printer in windows 98, it'll create a share called "PRINTER$" - which is actually your C:\Windows\System directory. It is not password protected and you can view everything in your C:\Windows\System directory... even if your printer is shared with a password.IIRC, this has been around for a long time (not that it excuses its persistence) - the excuse, FWIW, being that the share is used to export the printer's drivers.
This share does not share everything per se. Rather it appears to be somehow selective. For example, the password lists (username.pwl) are not shared, neither are many of the directories under there. The sub-directories that were shared on my system were: VMM32 IOSUBSYS COLOR IE4Setup The first two contain VXDs (virtual device drivers I believe). The second contains .ICM files, I don't know what they are. While the last contains a directory named plugins and a single DLL. I believe we did an uninstall of IE on this machine so perhaps it used to have the install software for IE on it. That would be a nice feature, automatically share your install software for IE. Simply placing a file in that directory named x.dll isn't sufficient to enable it's appearance in the list. The entry must be elsewhere, perhaps the registry. Easy way to make a difficult-to-detect trojan, add more files to the share list under PRINTER$ then quitely take the files when nobody is looking.
If MS really _must_ do this, then it would it not be smarter to put the printer drivers in a separate directory and export that?
I would tend to agree with you there. C=) -------------------------------------------------------------------------- Heuer's Law: Any feature is a bug unless it can be turned off. -------------------------------------------------------------------------- Caskey <caskey*technocage.com> /// pager.818.698.2306 TechnoCage Inc. ///| gpg: aiiieeeeeee!!! -------------------------------------------------------------------------- Early bird gets the worm, but the second mouse gets the cheese.
Current thread:
- Printer Sharing and M1CR0S0FT Windows98 enayd () KRYPT COM (Oct 24)
- Re: Printer Sharing and M1CR0S0FT Windows98 Neale Banks (Oct 27)
- Re: Printer Sharing and M1CR0S0FT Windows98 Caskey L. Dickson (Oct 28)
- More about multi-stack allocator. Serge Orlov (Oct 28)
- FW: Security Bulletins Digest Patrick Oonk (Oct 28)
- Javascript bug in Netscape Communicator 4.5 Georgi Guninski (Oct 28)
- Re: Javascript bug in Netscape Communicator 4.5 Willy TARREAU (Oct 29)
- Re: Javascript bug in Netscape Communicator 4.5 Ryan Gray (Oct 29)
- <Possible follow-ups>
- Re: Printer Sharing and M1CR0S0FT Windows98 Paul Leach (Oct 27)
- Re: Printer Sharing and M1CR0S0FT Windows98 Neale Banks (Oct 27)