Re: FoolProof for PC Exploit

[maxinux () BIGFOOT COM (William Tiemann)]

On Wed, 4 Nov 1998, Krish Jagannathan wrote:

> I figured this much out -- if you are running on FoolProof for the PC
> (Win9x) and you boot up in safe mode (with or without network support) it
> will bypass the FoolProof TSR and enable full privileges, even deleting
> the FoolProof directory.
> ---
> Krish Jagannathan
> krisjag () juno com
> YCHJCYADTKCF

This may be true(infact it is true) but is a sign that your administrator
forgot or did not know about F8.  This was the case at a school i know
that just setup FoolProof, forgot F8, and diskette booting, but that was
negligence.
So here is another problem in foolproof

Bug/flaw:

A bug that for all intensive purposes is a bug.  If you can execute 'echo'
with 4 command line arguments  you can disable (esentially delete)
foolproof.

Implication:

Disable _protection_ (if you can call it that) from FoolProof.

Exploit:
echo Hi > c:\fool95\fooltsr.exe
Do this with every file in the foolproof dir (The install directory may
vary).

Fix:

Run a UN*X os instead of a Microsft product?
Seriously though, I have not looked into side effects(or if even possible)
to disable 'echo', so making all files in the foolproof dir (and elsewere
through out the computer, have not looked for them all) read only so you
_cant_ write to them, but also disable attrib changes.





--   Max Inux <maxinux () openpgp net>  Hey Christy!!! KeyID 0x8907E9E5
Kinky Sex makes the world go round O R Strong crypto makes the world safe
       If crypto is outlawed only outlaws will have crypto
Fingerprint(Photo Also): 259D 59F7 D98C CD73 1ACD 54Ea 6C43 4877 8907 E9E5