Full Disclosure mailing list archives
Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load)
From: Barrie Dempster <barrie () reboot-robot net>
Date: Mon, 23 Aug 2004 12:28:46 +0100
On Sun, 2004-08-22 at 20:11, bipin gautam wrote:
Not really, I've discoverd a NTFS feature (BUG?). well... If you have system/administrative privilages in a disk.... you can read/modify a file even though it has "EVERYONE: DENY" permission set.
This is neither a feature nor a bug of NTFS because, as you have stated you are not using NTFS at all but reading from the disk directly, this always has been possible on any non-encrypted filesystem. the super user has direct hardware access on most OS's (Windows and Linux at least) so they can directly manipulate the hardware this is why things like custom TCP/IP stacks work, they override the OS's mechanisms, because the OS is designed to let you have that control. IMO if the super user could NOT bring back a file with those severely restricted permissions, then _that_ would be the bug as it would be a trivially exploited DoS attack. As for the ZA bug in particular, changing these permissions breaks ZA, the admin could fix it and bring it back, but it would still be a DoS and an effective ZA countermeasure for a virus. ZA, please fix this, the people on this list complaining about it are correct, it does pose a potential problem. -- Barrie Dempster (zeedo) - Fortiter et Strenue http://www.bsrf.org.uk [ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Re: Unsecure file permission of ZoneAlarm pro., (continued)
- Re: Unsecure file permission of ZoneAlarm pro. Maarten (Aug 20)
- Re: Unsecure file permission of ZoneAlarm pro. bipin gautam (Aug 20)
- RE: Unsecure file permission of ZoneAlarm pro. Sean Crawford (Aug 20)
- Re: Unsecure file permission of ZoneAlarm pro. Birl (Aug 20)
- Re: Unsecure file permission of ZoneAlarm pro. Maarten (Aug 20)
- Re: Unsecure file permission of ZoneAlarm pro. James Tucker (Aug 20)
- Re: Unsecure file permission of ZoneAlarm pro. stephane nasdrovisky (Aug 21)
- Re: Unsecure file permission of ZoneAlarm pro. James Tucker (Aug 21)
- Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load) bipin gautam (Aug 22)
- Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load) Chris Smith (Aug 23)
- Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load) James Greenhalgh (Aug 23)
- Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load) Barrie Dempster (Aug 23)
- Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load) Barrie Dempster (Aug 23)
- Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load) bipin gautam (Aug 23)
- Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load) bipin gautam (Aug 22)
- Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load) bipin gautam (Aug 22)
- Re: Unsecure file permission of ZoneAlarm pro. Barry Fitzgerald (Aug 20)
- RE: Unsecure file permission of ZoneAlarm pro. Ron DuFresne (Aug 20)