From owner-freebsd-security Tue Jun 15 8:26: 3 1999
Delivered-To: freebsd-security@freebsd.org
Received: from ideaglobal.com (ultra2.ideaglobal.com [194.36.20.11])
	by hub.freebsd.org (Postfix) with ESMTP id 9692214A2F
	for ; Tue, 15 Jun 1999 08:25:59 -0700 (PDT)
	(envelope-from kiril@ideaglobal.com)
Received: (from kiril@localhost)
	by ideaglobal.com (8.9.2/8.9.2) id QAA25879;
	Tue, 15 Jun 1999 16:19:42 +0100 (BST)
From: Kiril Mitev
Message-Id: <199906151519.QAA25879@ideaglobal.com>
Subject: Re: reading files.
To: ni@tellique.de (Juergen Nickelsen)
Date: Tue, 15 Jun 1999 16:19:41 +0100 (BST)
Cc: dshaw@jabberwocky.com, freebsd-security@FreeBSD.ORG
In-Reply-To: <37666E9A.33FB34F9@tellique.de> from "Juergen Nickelsen" at Jun 15, 99 05:17:46 pm
X-Mailer: ELM [version 2.4 PL25]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>
> David Shaw wrote on freebsd-security:
>
> > It's true that the NT Administrator can't read files that he doesn't
> > have permission for, but since Administrator controls the ACLs, if he
> > can't read something, he can trivially just change the permissions and
> > give himself access!
>
> He can't without taking over the ownership of the file, i. e. he can,
> but the original owner can tell afterwards.

How many people have the habit of checking whether they still are
the owner of their files? The check itself is far from point-and-click
(regardless of M$ marketing info), and as long as access is allowed
(trivial for an admin, once they know how to take over a file),
the chances of people spotting it are close to nil.

Furthermore, if the files are on an NT server accessed from a 95/98
client, the user cannot see the ACLs (although they still apply
on the server side).

'nuff said

Did anyone _expect_ VMS in a visual environment w/M$ networking to
really work ??????????????

Kiril

>
> Greetings, Juergen.
>
> --
> Juergen Nickelsen
> Tellique Kommunikationstechnik GmbH
> Gustav-Meyer-Allee 25, 13355 Berlin, Germany
> Tel. +49 30 46307-552 / Fax +49 30 46307-579
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message