From owner-freebsd-security Tue Jun 15 10:20:54 1999 Delivered-To: freebsd-security@freebsd.org Received: from phoenix (phoenix.aye.net [198.7.192.5]) by hub.freebsd.org (Postfix) with SMTP id D919815374 for ; Tue, 15 Jun 1999 10:20:44 -0700 (PDT) (envelope-from barrett@phoenix.aye.net) Received: (qmail 14200 invoked by uid 1000); 15 Jun 1999 17:20:13 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 15 Jun 1999 17:20:13 -0000 Date: Tue, 15 Jun 1999 13:20:13 -0400 (EDT) From: Barrett Richardson To: Juergen Nickelsen Cc: David Shaw , freebsd-security@FreeBSD.ORG Subject: Re: reading files. In-Reply-To: <37666E9A.33FB34F9@tellique.de> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, 15 Jun 1999, Juergen Nickelsen wrote: > David Shaw wrote on freebsd-security: > > > It's true that the NT Administrator can't read files that he doesn't > > have permission for, but since Administrator controls the ACLs, if he > > can't read something, he can trivially just change the permissions and > > give himself access! > > He can't without taking over the ownership of the file, i. e. he can, > but the original owner can tell afterwards. > Out of curiosity, can the owner's files be backed up via tape or some other means? If so, couldn't an admin achieve the same access via an API or some other mechanism? -- Barrett Richardson barrett@phoenix.aye.net > Greetings, Juergen. > > -- > Juergen Nickelsen > Tellique Kommunikationstechnik GmbH > Gustav-Meyer-Allee 25, 13355 Berlin, Germany > Tel. +49 30 46307-552 / Fax +49 30 46307-579 > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message