[18766] in bugtraq


Re: BugTraq: EFS Win 2000 flaw

daemon@ATHENA.MIT.EDU (Attonbitus Deus)
Tue Jan 23 19:14:06 2001

Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id:  <002d01c0856c$091cd2e0$af05a8c0@anchorsign.com>
Date:         Tue, 23 Jan 2001 10:40:41 -0800
Reply-To: Thor@HAMMEROFGOD.COM
From: Attonbitus Deus <Thor@HAMMEROFGOD.COM>
To: BUGTRAQ@SECURITYFOCUS.COM

> So to suggest that your perceived EFS flaw can be resolved by over-writing
> is naive. The only solution is to encrypt in memory or use some removable
> partition as the temp space.
>

I agree with the use of 'perceived' in this case.  Though the behavior is
interesting in regard to the creation of the unencrypted .tmp file, I
believe this is more of a procedural issue than an implementation one.
Recommended EFS procedures call for the encryption of a directory, not
file-by-file as the procedure indicated by Berglind suggests. If you copy an
unencrypted file and paste it into an encrypted directory, the file and the
temporary file are both encrypted.

This is actually covered in the docs regarding EFS.

HTH.
---------------------------------
Attonbitus Deus
Thor@HammerofGod.Com
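
An audit for the procedure described in the message above, as an added example that is not part of the original post: it lists files that carry the EFS attribute while their parent directory does not, which is the file-by-file pattern the message advises against. The function name and the sample path are hypothetical.

```powershell
# Added example (not from the original post). The function name and the
# sample root path are hypothetical.
function Get-FileLevelEfsItem {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Root
    )

    $encrypted = [System.IO.FileAttributes]::Encrypted

    Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object {
            # The file itself carries the EFS attribute ...
            ($_.Attributes -band $encrypted) -and
            # ... but its parent directory does not, so files created
            # beside it (temporary files included) do not inherit encryption.
            -not ($_.Directory.Attributes -band $encrypted)
        } |
        Select-Object FullName,
            @{ Name = 'ParentDirectory'; Expression = { $_.DirectoryName } }
}

# Summarise which directories hold individually encrypted files, so the
# EFS attribute can be set on the directory instead.
Get-FileLevelEfsItem -Root 'C:\Users\example\Documents' |
    Group-Object ParentDirectory |
    Select-Object Name, Count
```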
