Bugtraq mailing list archives
Re: reporting local security problems for WinNT (Re: Escalation of privileges)
From: der Mouse <mouse () RODENTS MONTREAL QC CA>
Date: Fri, 11 Aug 2000 12:28:46 -0400
Checking permissions at install time isn't sufficient. They may change later, and never be caught. The program should verify the integrity of the system as often as possible.
...within reason. Installing a cronjob that checks every minute, for example, would be excessive.
Sendmail does a really good job of checking permissions on everything every time it does something. It may slow things down some, but it also finds problems when they happen.
Unfortunately it also finds non-problems too. I have a system on which the directories in the path leading to the aliases files are group-writeable, by design. (The system has all of two users, both of whom are trusted.) Sendmail kvetches about this every time I run newaliases - I consider it broken for it to arrogate to itself the right to tell me how my system should be set up, or that something like this is a problem, and if it refused to run, or if it complained more often or more verbosely, I would fix it (or, perhaps, switch). der Mouse mouse () rodents montreal qc ca 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
Current thread:
- Re: reporting local security problems for WinNT (Re: Escalation of privileges) der Mouse (Aug 11)
- Re: reporting local security problems for WinNT (Re: Escalation of privileges) H Carvey (Aug 14)
- Re: reporting local security problems (was: for WinNT) Claus Assmann (Aug 14)