Bugtraq mailing list archives
Re: Bypassing Inherited Rights Filters in Novell Directory Services.
From: Bob Fiero <bfiero () MENTALFLOSS NET>
Date: Sun, 10 Sep 2000 13:10:23 -0400
At 07:24 PM 9/7/2000 -0700, you wrote:
Here's an example. An administrator, .BOB.ACME, has Supervisor [S] rights to the .ACME container. There is a container, .SECRET.ACME, which BOB should not have any access to.
If you understood NDS sufficiently, you wouldn't give Bob [S] rights to a container where you need to keep him from objects under that container. Regardless of what you do, Bob has [S] rights that you granted him, and those rights can be applied...as in giving himself or any other user access to objects within that container. How is that a bug? Not that I know NDS inside and out or anything...but give [W] Write rights (or any other rights), you can take them away further down the tree...Give [S] rights, that gives a user the ability to change rights on objects within that container. I don't see this as a bug, but perhaps as a mis-understanding of how NDS works. --- The single most effective thing you can do to protect yourself on the Internet...Never use Microsoft products or protocols. Increase your Win98 system speed, stability, and security. Remove IE. http://www.98lite.net
Current thread:
- Bypassing Inherited Rights Filters in Novell Directory Services. FogHorn Security (Sep 07)
- Re: Bypassing Inherited Rights Filters in Novell Directory Services. Bob Fiero (Sep 12)