Re: B1/2 and untrustworthy admins

  • To: NTBUGTRAQLISTSERV.NTBUGTRAQ.COM
  • Subject: Re: B1/2 and untrustworthy admins
  • From: Steve Birnbaum <sbirnSECURITY.ORG.IL>
  • Date: Sat, 28 Mar 1998 15:17:19 +0300
  • Comments: To: Paul Leach <paullemicrosoft.com>
  • In-Reply-To: Your message of "Fri, 27 Mar 1998 18:03:17 -0800." <5CEA8663F24DD111A96100805FFE6587031E3CAFred-msg-51.dns.microsoft.com>
  • Reply-To: Steve Birnbaum <sbirnSECURITY.ORG.IL>
  • Sender: Windows NT BugTraq Mailing List <NTBUGTRAQLISTSERV.NTBUGTRAQ.COM>

> Wow. :-)

Yeah, better check for a solar event last night.

> Just wondering, but how would B1 or B2 help in the case under discussion?

My understanding is that the admin has no direct access to the
managing processes, but must go through the security subsystem.
Given that, the admin can probably modify system binaries but I see
no reason for the OS to need the ability to give the admin write access
to the audit logs.  If the admin can't modify the audit logs, then even
if the security subsystem gave them access to modify binaries, there
would still be a trail.

Still, even given all that, I wouldn't log into my own box from an
untrusted system, no matter what anyone told me.


  Steve

---
sbirnsecurity.org.il Phone: +972-2-6795860    (PGP key available)
Fight Internet Spam!  http://www.vix.com/spam/  Disclaimer: My opinions only.