Bugtraq mailing list archives
Re: NMRC Advisory - Default NDS Rights
From: mbaker () COMTECH COM AU (M. Baker)
Date: Sun, 20 Sep 1998 14:03:45 +1000
Very true. Everyone gets [B]rowse object rights from the fact that they are included as a member of the [PUBLIC] trustee, which covers everyone authenticated and those that are not.

Your workaround was a little inaccurate. Just removing the [PUBLIC] trustee as a trustee of [Root] will remove NDS functionality of your users. What I suggest to most people is that they remove the [PUBLIC] trustee and then make [Root] a trustee of itself and then give [Root] Browse rights to itself. This gives users the ability to browse the tree, not lose any functionality. Now they have to authenticate to see the tree rather than just attaching.

Hope this clears things up. BTW I wouldn't class this as a security problem; depending on your site you may want [PUBLIC] to be a trustee of [ROOT]. If you don't want that, do what I stated above.

Michael