[3397] in bugtraq
Re: NT 4.0 default permissions
daemon@ATHENA.MIT.EDU (Igor Chudov @ home)
Wed Sep 25 22:14:01 1996
Date: Wed, 25 Sep 1996 18:03:17 -0500
Reply-To: Igor Chudov <ichudov@algebra.com>
From: "Igor Chudov @ home" <ichudov@algebra.com>
X-To: laverty@matrixNet.com
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To: <2.2.32.19960925193244.00929754@sunrise.matrixnet.com> from "Jim
Laverty" at Sep 25, 96 03:32:44 pm
Jim Laverty wrote:
>
> This only applies if the drive is shared. If you go into the properties
> dialog for your NT drive. Select the "Security" tab and select
> "Permissions". Check off the "Replace permissions on subdirectories" option
> and change the "Everyone" permissions to whatever you feel like dealing
> with. Also do not overuse the Auditing capabilities on "Everyone". It can
> dramatically slow down your NT sessions.
>
> At 09:21 PM 9/25/96 +0930, Dan Shearer wrote:
> >I do not think this is a bug in the normal sense of the word, ie I think
> >that this message describes NT the way it was designed to be. Nevertheless
> >I suspect that people on this list would be glad of the information.
> >
> >If you install an NT 4.0 workstation or server, the default permissions
> >on the system partition as reported by Explorer are:
> >
> > Everyone Full Control (All) (All)
> >
> >This means that building a secure, restricted-use workstation is
> >difficult, and that if a server becomes compromised at the share level (eg
The full control permissions also apply to a lot of system binaries
(like the "hint" program for example). Accordingly, these programs
can be replaced by trojan horses. I have no idea why Microsoft (spit)
has decided to set such dumb permissions, but I wonder how such
configuration could be C2 certified.
- Igor.
