Full Disclosure mailing list archives

Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load)


From: Barrie Dempster <barrie () reboot-robot net>
Date: Mon, 23 Aug 2004 12:28:46 +0100




On Sun, 2004-08-22 at 20:11, bipin gautam wrote:

> Not really, I've discovered an NTFS feature (BUG?).
> Well... If you have system/administrative privileges
> in a disk.... you can read/modify a file even though
> it has "EVERYONE: DENY" permission set.

This is neither a feature nor a bug of NTFS because, as you have stated,
you are not using NTFS at all but reading from the disk directly; this
always has been possible on any non-encrypted filesystem. The super user
has direct hardware access on most OSes (Windows and Linux at least), so
they can directly manipulate the hardware. This is why things like custom
TCP/IP stacks work: they override the OS's mechanisms, because the OS is
designed to let you have that control.

IMO if the super user could NOT bring back a file with those severely
restricted permissions, then _that_ would be the bug, as it would be a
trivially exploited DoS attack.

As for the ZA bug in particular, changing these permissions breaks ZA,
the admin could fix it and bring it back, but it would still be a DoS
and an effective ZA countermeasure for a virus. ZA, please fix this, the
people on this list complaining about it are correct, it does pose a
potential problem.
 
-- 
Barrie Dempster (zeedo) - Fortiter et Strenue

  http://www.bsrf.org.uk

[ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]

Attachment: signature.asc
Description: This is a digitally signed message part
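
Added example, not part of the original post and not vendor code: a Python audit of a file's SDDL security descriptor that flags allow ACEs giving a non-administrative principal the rights to delete, rewrite or re-ACL a protection product's file, and also flags the "EVERYONE: DENY" state discussed in the thread. The trusted set (Administrators, LocalSystem), the function names and the sample descriptors are assumptions constructed for illustration.

```python
import re
# Access-mask bits that let a principal alter, delete or re-ACL a file.
RISKY = {"DELETE": 0x10000, "WRITE_DAC": 0x40000, "WRITE_OWNER": 0x80000,
         "FILE_WRITE_DATA": 0x2, "FILE_APPEND_DATA": 0x4,
         "GENERIC_WRITE": 0x40000000, "GENERIC_ALL": 0x10000000}
# SDDL two-letter rights codes (generic, standard and file rights).
CODES = {"GA": 0x10000000, "GX": 0x20000000, "GW": 0x40000000,
         "GR": 0x80000000, "SD": 0x10000, "RC": 0x20000, "WD": 0x40000,
         "WO": 0x80000, "FA": 0x1F01FF, "FR": 0x120089, "FW": 0x120116,
         "FX": 0x1200A0}
# Assumption: only Administrators and LocalSystem should hold risky rights.
TRUSTED = {"BA", "SY", "S-1-5-32-544", "S-1-5-18"}
EVERYONE = {"WD", "S-1-1-0"}

def pairs(text):
    return [text[i:i + 2] for i in range(0, len(text), 2)]

def mask_of(rights):
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for code in pairs(rights):
        mask |= CODES[code]  # KeyError on a code this table does not list
    return mask

def dacl_aces(sddl):
    """Yield (type, mask, sid) for each DACL ACE that applies to the object."""
    dacl = sddl.split("D:", 1)[1].split("S:", 1)[0]
    for ace in re.findall(r"\(([^)]*)\)", dacl):
        kind, flags, rights, _, _, sid = ace.split(";")[:6]
        if "IO" not in pairs(flags):  # inherit-only ACEs do not apply here
            yield kind, mask_of(rights), sid

def audit(sddl):
    """List ACEs that expose the file; ACE ordering is not evaluated."""
    findings = []
    for kind, mask, sid in dacl_aces(sddl):
        if kind == "A" and sid not in TRUSTED:
            hits = sorted(n for n, bit in RISKY.items() if mask & bit)
            if hits:
                findings.append((sid, hits))
        elif kind == "D" and sid in EVERYONE and mask & 0x1:
            findings.append((sid, ["DENIES_READ_TO_EVERYONE"]))
    return findings

# Constructed sample descriptors, not taken from a real ZoneAlarm install.
WEAK = "O:BAG:SYD:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;WD)"
BROKEN = "O:BAG:SYD:(D;;FA;;;WD)(A;;FA;;;BA)(A;;FA;;;SY)"
HARDENED = "O:BAG:SYD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;BU)"
print(audit(WEAK), audit(BROKEN), audit(HARDENED))
```

On a live system the SDDL string for a file can be read with `(Get-Acl <path>).Sddl` in PowerShell and passed to `audit`.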

