Bugtraq mailing list archives

Re: reporting local security problems for WinNT (Re: Escalation of privileges)

From: der Mouse <mouse () RODENTS MONTREAL QC CA>
Date: Fri, 11 Aug 2000 12:28:46 -0400

Checking permissions at install time isn't sufficient.  They may
change later, and never be caught.  The program should verify the
integrity of the system as often as possible.


...within reason.  Installing a cronjob that checks every minute, for
example, would be excessive.

Sendmail does a really good job of checking permissions on everything
every time it does something.  It may slow things down some, but it
also finds problems when they happen.


Unfortunately it also finds non-problems too.  I have a system on which
the directories in the path leading to the aliases files are
group-writeable, by design.  (The system has all of two users, both of
whom are trusted.)  Sendmail kvetches about this every time I run
newaliases - I consider it broken for it to arrogate to itself the
right to tell me how my system should be set up, or that something like
this is a problem, and if it refused to run, or if it complained more
often or more verbosely, I would fix it (or, perhaps, switch).

                                        der Mouse

                               mouse () rodents montreal qc ca
                     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

Current thread:

Re: reporting local security problems for WinNT (Re: Escalation of privileges) der Mouse (Aug 11)
- Re: reporting local security problems for WinNT (Re: Escalation of privileges) H Carvey (Aug 14)
- Re: reporting local security problems (was: for WinNT) Claus Assmann (Aug 14)