Vulnerability Development mailing list archives
Re: Windows NT does not check permissions after HANDLEs are open
From: Thor () HammerofGod com
Date: Thu, 30 Aug 2001 06:39:33 -0700
> permissions. Therefore, it is possible to retain access to an object after
> the Create/Owner or an administrator has changed the ACL simply by
> maintaining an open handle. If the requestor is a service or
> server-program that is expected to run 24/7 the object will remain
> accessible long after the ACL has been altered [think ISAPI, extended
> stored procedures, et al].

I believe that in domain environments, where the "Enforce user logon restrictions" setting (Under Kerberos Policy) is enabled by default, this kind of thing is mitigated by forcing a check against the "access computer from network" permissions each time a session key is requested. Is that different than you have found?

I know that a "deny access" works instantly, but you would then have to take an extra step there... This worked in my config, anyway.

Of course, if they were already granted a session key for the resource, then I think you are right. You would have to force a disconnect with logon time restrictions otherwise...

Then again, I wonder what would happen after the default lifetime for a user ticket expired (10 hours), and the access tokens were renewed? Hmmm.

Later man!
AD