Date: Tue, 15 Jun 1999 16:19:41 +0100 (BST)
From: Kiril Mitev <kiril@ideaglobal.com>
To: ni@tellique.de (Juergen Nickelsen)
Cc: dshaw@jabberwocky.com, freebsd-security@FreeBSD.ORG
Subject: Re: reading files.
Message-ID: <199906151519.QAA25879@ideaglobal.com>
In-Reply-To: <37666E9A.33FB34F9@tellique.de> from "Juergen Nickelsen" at Jun 15, 99 05:17:46 pm

>
> David Shaw wrote on freebsd-security:
>
> > It's true that the NT Administrator can't read files that he doesn't
> > have permission for, but since Administrator controls the ACLs, if he
> > can't read something, he can trivially just change the permissions and
> > give himself access!
>
> He can't without taking over the ownership of the file, i. e. he can,
> but the original owner can tell afterwards.

How many people have the habit of checking whether they still are
the owner of their files?

The check itself is far from point-and-click (regardless of M$
marketing info), and as long as access is allowed (trivial for an
admin, once they know how to take over a file), the chances of
people spotting it are close to nil.

Furthermore, if the files are on an NT server accessed from a 95/98
client, the user cannot see the ACLs (although they still apply on
the server side).

'nuff said

Did anyone _expect_ VMS in a visual environment w/M$ networking
to really work ??????????????

Kiril

>
> Greetings, Juergen.
>
> --
> Juergen Nickelsen <ni@tellique.de>
> Tellique Kommunikationstechnik GmbH
> Gustav-Meyer-Allee 25, 13355 Berlin, Germany
> Tel. +49 30 46307-552 / Fax +49 30 46307-579
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message