Full Disclosure mailing list archives
Re: Keeping IE up to date on a Windows Server
From: petard <petard () sdf lonestar org>
Date: Thu, 11 Sep 2003 15:54:48 +0000
On Fri, Sep 12, 2003 at 12:05:46AM +1200, Nick FitzGerald wrote:
(And, if you cannot trust your admins to not surf the web from your servers (or don't know), why not limit their access to iexplore.exe and audit all changes to this file, its ACLs, etc? After all, it is little more than a window manager providing displays for the output of the various *ML parsers, "security" and script engines, etc, etc that are implemented in a bunch of DLLs and ActiveX controls and whose use by other processes should be unaffected by the permissions set on the IE executable itself...)
That's a useless precaution. Start explorer.exe and type a url into the location bar. iexplore.exe is never touched. If you can't trust admins not to surf from your servers, suggest to them that they need to choose another line of work. HTH petard _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Keeping IE up to date on a Windows Server Meeusen, Charles D (Sep 10)
- Re: Keeping IE up to date on a Windows Server Nick FitzGerald (Sep 11)
- Re: Keeping IE up to date on a Windows Server petard (Sep 11)
- Re: Keeping IE up to date on a Windows Server Jeremiah Cornelius (Sep 11)
- Re: Keeping IE up to date on a Windows Server Jay Sulzberger (Sep 11)
- Re: Keeping IE up to date on a Windows Server petard (Sep 11)
- Re: Keeping IE up to date on a Windows Server Nick FitzGerald (Sep 11)