Full Disclosure mailing list archives

Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load)

From: Chris Smith <chris.rs () xtra co nz>
Date: Mon, 23 Aug 2004 22:02:34 +1200

On Mon, 23 Aug 2004 07:11, bipin gautam wrote:

Not really, I've discoverd a NTFS feature (BUG?).
well... If you have system/administrative privilages
in a disk.... you can read/modify a file even though
it has "EVERYONE: DENY" permission set.


OMFG!! REISERFS HAS THE SAME EXPLOIT!!!!

CHECK OUT MY POC!

chris@chris h4x0r $ echo "bipin sucks" >> hax
chris@chris h4x0r $ chmod -rwx hax
chris@chris h4x0r $ ls -alo hax
----------  1 chris 12 Aug 23 21:58 hax
chris@chris h4x0r $ cat hax
cat: hax: Permission denied
chris@chris h4x0r $ sudo cat hax
bipin sucks
chris@chris h4x0r $

Superuser means _SUPERUSER_ (or administrator).

Not a bug, not a feature. It just is.

Chris.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Unsecure file permission of ZoneAlarm pro. bipin gautam (Aug 19)
- <Possible follow-ups>
- RE: Unsecure file permission of ZoneAlarm pro. John LaCour (Aug 20)
  - Re: Unsecure file permission of ZoneAlarm pro. Maarten (Aug 20)
    - Re: Unsecure file permission of ZoneAlarm pro. bipin gautam (Aug 20)
    - RE: Unsecure file permission of ZoneAlarm pro. Sean Crawford (Aug 20)
    - Re: Unsecure file permission of ZoneAlarm pro. Birl (Aug 20)
  - Re: Unsecure file permission of ZoneAlarm pro. James Tucker (Aug 20)
  - Re: Unsecure file permission of ZoneAlarm pro. stephane nasdrovisky (Aug 21)
    - Re: Unsecure file permission of ZoneAlarm pro. James Tucker (Aug 21)
    - Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load) bipin gautam (Aug 22)
    - Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load) Chris Smith (Aug 23)
    - Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load) James Greenhalgh (Aug 23)
    - Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load) Barrie Dempster (Aug 23)
    - Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load) Barrie Dempster (Aug 23)
    - Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load) bipin gautam (Aug 23)
    - Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load) bipin gautam (Aug 22)
    - Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load) bipin gautam (Aug 22)
- RE: Unsecure file permission of ZoneAlarm pro. Todd Towles (Aug 20)
  - Re: Unsecure file permission of ZoneAlarm pro. Barry Fitzgerald (Aug 20)
- RE: Unsecure file permission of ZoneAlarm pro. Todd Towles (Aug 20)
- RE: Unsecure file permission of ZoneAlarm pro. Matthew Farrenkopf (Aug 20)

(Thread continues...)