[15493] in bugtraq
Re: Force Feeding
daemon@ATHENA.MIT.EDU (Dimitry Andric)
Tue Jun 27 16:27:08 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Message-ID: <200006262224220750.001D1371@smtp.xs4all.nl>
Date: Mon, 26 Jun 2000 22:24:22 +0200
Reply-To: Dimitry Andric <dim@XS4ALL.NL>
From: Dimitry Andric <dim@XS4ALL.NL>
X-To: David LeBlanc <dleblanc@MINDSPRING.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <3.0.5.32.20000624175853.05960210@pop.mindspring.com>
Content-Transfer-Encoding: 8bit
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 2000-06-24 at 17:58 David LeBlanc wrote:
>This is Win9x specific, and although you can generally count on NT
>4.0 having a c:\temp, Win2k has per-user temp directories, which
>complicate this somewhat, and neither c:\temp or c:\windows\temp
>normally exist.
Sorry, but under Win2k you DO have a %SystemRoot%\Temp folder (so
usually that's C:\WINNT\Temp), and the system environment variable
TEMP and TMP are by default set to that directory. This is to prevent
the %SystemRoot% directory from cluttering up with temp files from
services and other system processes (as in NT4).
Maybe it is best to set permissions for any Temp dir as "Creator
Owner: Full Control" only, or as you suggest, even removing the
Execute permission. I fear that might break some legitimate software
though; most installation programs (i.e. InstallShield, Wise) use the
Temp directory to run subcomponents of their install engines.
Cheers,
- --
Dimitry Andric <dim@xs4all.nl>
PGP key: http://www.xs4all.nl/~dim/dim.asc
KeyID: 4096/1024-0x2E2096A3
Fingerprint: 7AB4 62D2 CE35 FC6D 4239 4FCD B05E A30A 2E20 96A3
-----BEGIN PGP SIGNATURE-----
Version: Encrypted with PGP Plugin for Calypso
Comment: http://www.gn.apc.org/duncan/stoa_cover.htm
iQA/AwUBOVet57BeowouIJajEQKIeQCg1e5cAyiW+z6XH1ZddFoErTJqae4AoIsT
TklzMVYWqovNaeYH4SW2Ur7l
=PiCL
-----END PGP SIGNATURE-----
