
Re: bug in SP4 Acl Editor


  • To: NTBUGTRAQLISTSERV.NTBUGTRAQ.COM
  • Subject: Re: bug in SP4 Acl Editor
  • From: Aaron Wood <awoodCS.WASHINGTON.EDU>
  • Date: Wed, 28 Apr 1999 13:21:56 -0700
  • Approved-By: Russ.CooperRC.ON.CA
  • Reply-To: Aaron Wood <awoodCS.WASHINGTON.EDU>
  • Sender: Windows NT BugTraq Mailing List <NTBUGTRAQLISTSERV.NTBUGTRAQ.COM>

Just so that I'm on the same page as y'all, have you read the following as
of yet?


From WinntMag UPDATE dated April 6, 1999

* SECURITY CONFIGURATION MANAGER
When you install the Security Configuration Manager (SCM) in Service
Pack 4 (SP4), it replaces the native Windows NT ACL editor. The new ACL
editor is based on the Windows 2000 (Win2K) security model, which
supports dynamic and static security settings. The security model
introduces a new algorithm for how files inherit permissions from their
parent directory (or parent container). The problems below are
associated only with the new ACL Editor. If you have not installed SCM,
you can safely ignore this information. Microsoft Support Online
article Q195509
(http://support.microsoft.com/support/kb/articles/q195/5/09.asp)
documents this problem.



Aaron Wood
Systems Administrator
University of Washington - Seattle Campus
Department of Computer Science and Engineering



-----Original Message-----
From: Michael Webb [mailto:mwebbBINDVIEW.COM]
Sent: Wednesday, April 21, 1999 4:48 PM
To: NTBUGTRAQLISTSERV.NTBUGTRAQ.COM
Subject: bug in SP4 Acl Editor


This doesn't translate into any type of exploit, but it is an interesting
presentation problem that could be quite misleading.

If you programmatically add an Access Allow Ace to a DACL for a file, such
that the CONTAINER_INHERITANCE_ACE and OBJECT_INHERIT_ACE flags are set
(thus the ACE really doesn't apply to anything and grants no permissions),
the SP4 Acl Editor shows that you have whatever permissions were in the
Access Mask (for example Full Control).

In the test case I used this was the only Ace in the ACL, so really no one
had any access to the file. I used a pre-SP4 Acl editor and it displayed it
correctly: Everyone (No Access).

I wonder how many other cases there are where ACLs not generated by the ACL
editor might cause problems. This makes you really wonder why the API
doesn't validate what you are setting.

Michael Webb
Bindview Development
Development Engineer
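
The flag check this thread turns on can be done on the raw DACL bytes instead of trusting an editor's display. The following is an added example, not part of either post: it parses a binary ACL and lists the ACEs on a file that carry inheritance flags, reporting the flags without judging effective access. The function names are hypothetical, the sample ACL is constructed to match the test case described above, and the flag and type values are the ones defined in winnt.h.

```python
import struct

# ACE flag bits and ACE types, values from winnt.h
OBJECT_INHERIT_ACE, CONTAINER_INHERIT_ACE, INHERIT_ONLY_ACE = 0x01, 0x02, 0x08
ACCESS_ALLOWED_ACE_TYPE, ACCESS_DENIED_ACE_TYPE = 0x00, 0x01
FILE_ALL_ACCESS = 0x001F01FF  # shown as Full Control

def sid_to_str(raw):  # binary SID -> "S-1-1-0" form
    rev, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("SID length does not match SubAuthorityCount")
    auth = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack_from("<%dI" % count, raw, 8)
    return "S-%d-%d" % (rev, auth) + "".join("-%d" % s for s in subs)

def parse_acl(acl):
    """Return (type, flags, mask, sid) for each allow/deny ACE in a raw ACL."""
    if len(acl) < 8:
        raise ValueError("truncated ACL header")
    _rev, _sbz1, size, count, _sbz2 = struct.unpack_from("<BBHHH", acl, 0)
    if size > len(acl):
        raise ValueError("AclSize exceeds buffer")
    aces, off = [], 8
    for _ in range(count):
        if off + 4 > size:
            raise ValueError("truncated ACE header")
        ace_type, flags, ace_size = struct.unpack_from("<BBH", acl, off)
        if ace_size < 4 or off + ace_size > size:
            raise ValueError("bad AceSize")
        if ace_type in (ACCESS_ALLOWED_ACE_TYPE, ACCESS_DENIED_ACE_TYPE):
            if ace_size < 16:
                raise ValueError("ACE too small for mask and SID")
            (mask,) = struct.unpack_from("<I", acl, off + 4)
            aces.append((ace_type, flags, mask, sid_to_str(acl[off + 8:off + ace_size])))
        off += ace_size  # other ACE types are skipped, not decoded
    return aces

def audit_file_dacl(acl):
    """List ACEs on a file's DACL that carry any inheritance flag."""
    watch = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE | INHERIT_ONLY_ACE
    return [{"sid": sid, "mask": mask, "flags": flags & watch}
            for _t, flags, mask, sid in parse_acl(acl) if flags & watch]

def build_sample_acl():
    """Constructed sample: the single ACE from the test case in the post."""
    sid = bytes([1, 1]) + (1).to_bytes(6, "big") + struct.pack("<I", 0)  # Everyone
    ace = struct.pack("<BBHI", ACCESS_ALLOWED_ACE_TYPE, OBJECT_INHERIT_ACE |
                      CONTAINER_INHERIT_ACE, 8 + len(sid), FILE_ALL_ACCESS) + sid
    return struct.pack("<BBHHH", 2, 0, 8 + len(ace), 1, 0) + ace
```
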