Bugtraq mailing list archives
ref advisory #20000907
From: John McCain <jmccain () POMEROY COM>
Date: Fri, 8 Sep 2000 14:20:20 -0400
Your statements regarding this security "hole" are misleading. While it is true that not watching write rights to ACL's can lead to network problems, anyone who has undergone any level of Netware training knows the extent to which Novell warns against granting broad property write rights, specifically because of the danger of giving someone rights to another object's ACL. Setting a property level IRF on the ACL property would neither be time consuming nor prone to error. The dangers of granting write property rights to ACLs is discussed extensively in the training materials for Novell's CNA certification, their base level of certification. I suggest you review these materials before publishing similar warnings, or availing yourself of someone who has.
Current thread:
- ref advisory #20000907 John McCain (Sep 08)