Bugtraq mailing list archives
Re: Inherent weaknesses in NT system policies
From: listuser () SEIFRIED ORG (Kurt Seifried)
Date: Fri, 19 Feb 1999 11:25:14 -0700
There are certain key vulnerabilities in NT's System Policies that allow most restrictions to be by-passed. For instance, although Registry Editing tools can be disabled this restriction can be avoided with ease, but more on that later. Consider a restrictive user System Policy where the user's shell is Explorer.exe and it only allows the Microsoft Word application (winword.exe) to be run. It is launched from an icon on the desktop. This is the only icon present. So the user can perform their work, write documents and save them, they are given write NTFS permissions only to their profile directory. The Registry editing tools have been disabled. This policy can be broken in a matter of minutes:
As any good little MCSE learns: Give the full pathname to the programs you want to allow them to run. This makes it a lot safer. There are ways around even this of course. NT is not secure against a determined user, just boot from a floppy and replace the registry if you really want to. I haven't looked in depth yet but MSIE 5.0 comes with its own policy restrictions/etc (quite a few actually), I'm not 100% sure how they interact with NT's user policies/etc, but once I get a chance to play with it some more I'll post that up.

-seifried, MCSE
https://www.seifried.org/