Bugtraq mailing list archives
Re: IE5 allows executing programs
From: jjohanss () BU EDU (Jesper M. Johansson)
Date: Wed, 8 Sep 1999 15:54:20 -0400
The other thing is that the default install for NT (especially on HP's) is FAT,Wrong. That could be how that manufacturer sets up _some_ of their machines, but it isn't default for NT install.Micron and Intergraph also install NT on FAT when they ship it to you.
I can't think of many manufacturers that don't, and the majority of them don't like it if you convert it. Gateway, for example, refuses completely to support any aspect of NT running on NTFS on their systems. They even went so far as to try to void the warranty on one system we bought from them because it was running NTFS. The problem with this area, and what makes so many systems vulnerable, is that OEMs refuse to ship their systems with NTFS partitions. They won't do it because it is too difficult for them to walk someone through a repair if they can't get to the boot partition with a dos disk. Since most people don't know the difference between NTFS and FAT (or a hole in the ground for that matter) most partitions never get converted, leaving these systems open to holes like this one. This is a big problem. Hopefully, the ER boot option in Win2K will solve some of this, since it enables OEMs to easily walk people through repairs.
If I recall correctly (I've only installed NT five or six times), if you later convert to NTFS (without reinstalling), you carry over the FAT permissions: "Full Control" for "All Users" on everything.
FIXACLS.EXE (NTResKit Supplement 2) will fix that. See Q157963 for more details.
Most people who don't know what NTFS is are still using it if they are running NT.Are there manufacturers that ship NT with NTFS by default?
Only on servers AFAIK. Dell ships its workstations with a menu item for "converting C to NTFS," which is just a shortcut to convert. That's the best I've seen so far. Jesper M. Johansson jjohanss () bu edu Editor, SANS NT Digest MCSE , MCP + I
Current thread:
- Re: IE5 allows executing programs, (continued)
- Re: IE5 allows executing programs Jim Frost (Sep 01)
- Re: IE5 allows executing programs David LeBlanc (Sep 01)
- Re: IE5 allows executing programs Brad Griffin (Sep 02)
- Re: IE5 allows executing programs David LeBlanc (Sep 07)
- re, anti btrom Martin Markovitz (Sep 08)
- Re: IE5 allows executing programs Paul L Schmehl (Sep 08)
- SDI AMD remote exploit for RH linux Thiago (Sep 02)
- Re: IE5 allows executing programs J MacCraw (Sep 07)
- Re: IE5 allows executing programs Jesper M. Johansson (Sep 08)
- Re: IE5 allows executing programs SysAdmin (Sep 08)
- Re: IE5 allows executing programs Haxor, Wikit (Sep 16)
- Two SuSE 6.2 local root exploits Brock Tellier (Sep 16)
- SuSE 6.2 /usr/bin/sccw read any file Brock Tellier (Sep 16)
- Fw: CERT Advisory CA-99.12 - Buffer Overflow in amd morex (Sep 16)
- More fun with WWWBoard David Weins (Sep 17)
- Re: More fun with WWWBoard Chris Ridd (Sep 20)
- Re: More fun with WWWBoard Mark Jeftovic (Sep 21)
- Re: More fun with WWWBoard Patrick Oonk (Sep 22)
- Re: More fun with WWWBoard Speed (Sep 24)