Security Basics mailing list archives

Re: Deny access to copy files


From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Tue, 24 Jun 2008 16:03:56 +0200

On 2008-06-24 Shreyas Zare wrote:
> On Mon, Jun 23, 2008 at 11:41 PM, Michael P. Carter wrote:
>> When any file is accessed the security parameters for that file are
>> also read & loaded.
>
> But once the file data is in a program's buffer then there are no
> permissions inherited from the file for that memory. Even if you
> design such a system, it's trivial to write 2 separate processes: the
> first process will read the file data and pass it to the other process
> by using COM/DCOM or just TCP/IP sockets, and the second process will
> write the data to a new file.

Long story short: there is no way for the filesystem to enforce this
kind of permission, meaning that it'd be utterly pointless to implement
this kind of permission in the filesystem. Either you'd have to
implement it as some kind of privilege (which are not tied to files in
Windows' security concept) or you'd have to munge different security
layers, which is less than desirable.

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
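
The argument in this message, as an added example that is not part of the original post: one process holding only read access streams a file to a second process, and the resulting copy carries the writer's default permissions rather than the source's. Assumptions: POSIX mode bits and `os.fork()` stand in for NTFS ACLs and Windows processes, a local socket pair stands in for COM/DCOM or TCP/IP, and `relay_copy`, `demo` and the sample file are constructed for illustration.

```python
import os
import socket
import stat
import tempfile


def relay_copy(src_path, dst_path):
    """Process A reads src_path and streams it to process B, which writes dst_path."""
    a_end, b_end = socket.socketpair()
    pid = os.fork()
    if pid == 0:
        # Child = process B: never opens src_path, only sees bytes on the socket.
        a_end.close()
        try:
            with open(dst_path, "wb") as out:
                while chunk := b_end.recv(4096):
                    out.write(chunk)
        finally:
            os._exit(0)
    # Parent = process A: needs nothing beyond read access to the source.
    b_end.close()
    with open(src_path, "rb") as src:
        while chunk := src.read(4096):
            a_end.sendall(chunk)
    a_end.close()  # EOF tells process B the transfer is complete
    os.waitpid(pid, 0)


def demo():
    """Return (contents_match, source_mode, copy_mode) for a constructed file."""
    workdir = tempfile.mkdtemp()
    src = os.path.join(workdir, "protected.txt")
    dst = os.path.join(workdir, "copy.txt")
    with open(src, "wb") as f:
        f.write(b"constructed sample data\n" * 100)
    os.chmod(src, 0o400)         # owner read-only: the only right granted
    old_umask = os.umask(0o022)  # fix the umask so the copy's mode is predictable
    try:
        relay_copy(src, dst)
    finally:
        os.umask(old_umask)
    with open(src, "rb") as a, open(dst, "rb") as b:
        same = a.read() == b.read()
    mode = lambda p: stat.S_IMODE(os.stat(p).st_mode)
    return same, mode(src), mode(dst)


if __name__ == "__main__":
    same, src_mode, dst_mode = demo()
    print(f"identical={same} source={src_mode:o} copy={dst_mode:o}")
```

The copy's mode is decided by the writing process and its umask; nothing about the source file's permissions travels with the bytes.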

