[8483] in bugtraq
Re: FoolProof for PC Exploit
daemon@ATHENA.MIT.EDU (William Tiemann)
Tue Nov 10 16:14:20 1998
Date: Mon, 9 Nov 1998 20:23:07 -0800
Reply-To: William Tiemann <maxinux@BIGFOOT.COM>
From: William Tiemann <maxinux@BIGFOOT.COM>
X-To: Krish Jagannathan <krisjag@JUNO.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <19981104.203613.-974293.0.krisjag@juno.com>
On Wed, 4 Nov 1998, Krish Jagannathan wrote:
>I figured this much out -- if you are running on FoolProof for the PC
>(Win9x) and you boot up in safe mode (with or without network support) it
>will bypass the FoolProof TSR and enable full privileges, even deleting
>the FoolProof directory.
>---
>Krish Jagannathan
>krisjag@juno.com
>YCHJCYADTKCF
This may be true(infact it is true) but is a sign that your administrator
forgot or did not know about F8. This was the case at a school i know
that just setup FoolProof, forgot F8, and diskette booting, but that was
negligence.
So here is another problem in foolproof
Bug/flaw:
A bug that for all intensive purposes is a bug. If you can execute 'echo'
with 4 command line arguments you can disable (esentially delete)
foolproof.
Implication:
Disable _protection_ (if you can call it that) from FoolProof.
Exploit:
echo Hi > c:\fool95\fooltsr.exe
Do this with every file in the foolproof dir (The install directory may
vary).
Fix:
Run a UN*X os instead of a Microsft product?
Seriously though, I have not looked into side effects(or if even possible)
to disable 'echo', so making all files in the foolproof dir (and elsewere
through out the computer, have not looked for them all) read only so you
_cant_ write to them, but also disable attrib changes.
-- Max Inux <maxinux@openpgp.net> Hey Christy!!! KeyID 0x8907E9E5
Kinky Sex makes the world go round O R Strong crypto makes the world safe
If crypto is outlawed only outlaws will have crypto
Fingerprint(Photo Also): 259D 59F7 D98C CD73 1ACD 54Ea 6C43 4877 8907 E9E5