Bugtraq mailing list archives

Re: NMRC Advisory - Default NDS Rights

From: mbaker () COMTECH COM AU (M. Baker)
Date: Sun, 20 Sep 1998 14:03:45 +1000


Very true.

Everyone get's [B]rowse object rights from the fact that they are included
as a member of the [PUBLIC] trustee which covers everyone authenticated and
those that are not. Your workaround was a little inaccurate. Just removing
the [PUBLIC] trustee as a trustee of [Root] will remove NDS functionality
of your users. What I suggest to most people is that they remove the
[PUBLIC] trustee and then make [Root] a trustee of itself and then give
[Root] Browse rights to itself. This gives users the ability to browse the
tree, not loose any functionality. Now they have to authenticate to see the
tree rather than just attaching.
Hope this clears things up.

BTW I wouldn't class this as a security problem, depending on your site you
may want [PUBLIC] to be a trustee of [ROOT] if you don't want that do what
I stated above.



Michael

Current thread:

Re: NMRC Advisory - Default NDS Rights costello, don (Sep 19)
- Re: NMRC Advisory - Default NDS Rights Simple Nomad (Sep 19)
- Re: NMRC Advisory - Default NDS Rights Bernd Eckenfels (Sep 19)
- Vulnerability in Lyris Listserver Jimmy Lee Alderson (Sep 19)
- Re: NMRC Advisory - Default NDS Rights Randy Richardson (Sep 20)
- <Possible follow-ups>
- Re: NMRC Advisory - Default NDS Rights M. Baker (Sep 19)