[8345] in bugtraq
Re: Printer Sharing and M1CR0S0FT Windows98
daemon@ATHENA.MIT.EDU (Caskey L. Dickson)
Fri Oct 30 16:34:28 1998
Date: Wed, 28 Oct 1998 21:30:04 -0800
Reply-To: "Caskey L. Dickson" <caskey@TECHNOCAGE.COM>
From: "Caskey L. Dickson" <caskey@TECHNOCAGE.COM>
X-To: Neale Banks <neale@LOWENDALE.COM.AU>
In-Reply-To: <Pine.LNX.4.05.9810281632400.27233-100000@marina.lowendale.com.au>
On Wed, 28 Oct 1998, Neale Banks wrote:
> > It seems that when you share a printer in windows 98, it'll create a
> > share called "PRINTER$" - which is actually your C:\Windows\System directory.
> > It is not password protected and you can view everything in your C:\Windows\System directory... even if your printer is shared with a password.
> IIRC, this has been around for a long time (not that it excuses its
> persistence) - the excuse, FWIW, being that the share is used to export
> the printer's drivers.
This share does not share everything per se. Rather it appears to be
somehow selective. For example, the password lists (username.pwl) are not
shared, neither are many of the directories under there. The
sub-directories that were shared on my system were:
The first two contain VXDs (virtual device drivers, I believe). The second
contains .ICM files; I don't know what they are. The last contains
a directory named plugins and a single DLL. I believe we did an uninstall
of IE on this machine so perhaps it used to have the install software for
IE on it. That would be a nice feature, automatically share your install
software for IE.
Simply placing a file in that directory named x.dll isn't sufficient to
enable its appearance in the list. The entry must be elsewhere, perhaps
the registry.
Easy way to make a difficult-to-detect trojan, add more files to the share
list under PRINTER$ then quietly take the files when nobody is looking.
> If MS really _must_ do this, then would it not be smarter to put the
> printer drivers in a separate directory and export that?
I would tend to agree with you there.
Heuer's Law: Any feature is a bug unless it can be turned off.
Caskey <caskey*technocage.com> /// pager.818.698.2306
TechnoCage Inc. ///| gpg: aiiieeeeeee!!!
Early bird gets the worm, but the second mouse gets the cheese.