Re: reporting local security problems for WinNT (Re: Escalation of privileges)

["William D. Colburn (aka Schlake)" <wcolburn () NMT EDU>]

On Tue, Aug 08, 2000 at 11:45:26AM -0700, David LeBlanc wrote:
> The general issue here is that any file that is going to be run as a
> service really must be secured. IMNSHO, it is the responsibility of the
> person writing the install routine to verify that the directory where the
> files will be placed is secure, and if the default for that directory isn't
> appropriate, then set the permissions upon creating the directory. Same
> thing for registry permissions.

Checking permissions at install time isn't sufficient.  They may change
later, and never be caught.  The program should verify the integrity of
the system as often as possible.  Sendmail does a really good job of
checking permissions on everything every time it does something.  It may
slow things down some, but it also finds problems when they happen.

As an example, I'll use the /etc directory on my mail server.  Someone
here wanted to edit something without having to su to root each time, so
he chmodded /etc to be group writable and owned by our staff group.
Sendmail complained so I chowned/chmodded it to make it safe.  Some time
later he noticed this had happened and chowned/chmodded it back.  Right
away sendmail figured this out, and started complaining again.  If
sendmail had only checked at installation time this could have been
broken for a long time.  As it was, it was only that way for a very
short time until I noticed.

--
William Colburn, "Sysprog" <wcolburn () nmt edu>
Computer Center, New Mexico Institute of Mining and Technology
http://www.nmt.edu/tcc/     http://www.nmt.edu/~wcolburn