OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Särs, Camillo (Camillo.SarsF-SECURE.COM)
Date: Thu Nov 22 2001 - 02:11:01 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    >The problem, which has been already reported by Microsoft, is that if
    >you use windows update all temporally installation files are created
    >within the administrator profile directory and then moved to the system
    >directory as a last step.

    [...]

    >Even if there is a Knowledge base file (Article ID: Q307012, I was
    >actually installing direct X 8.1) explaining this behavior in a quite
    >summarized way, I found it a bug that has to be repaired at least for
    >all "windows update" scripts.

    A quote from Q307012:
    "This causes the service pack or hotfix files to be copied to the
    %SystemRoot% folder as encrypted files."

    Not even Microsoft seems to grasp the complicated semantics of "copying vs.
    moving".

    This again brings up the issues regarding ACLs and inherited ACLs under NTFS.
    If a file is *moved* to a system directory, the process that does the move
    should fix any ACLs and attributes (including encryption) before moving it.
    (Well, according to the previous discussions, at least.) This is
    prohibitively difficult, as the process needs to understand all attributes of
    the file that might cause problems. Because of this, I think that the
    sensible thing to do is to always *copy* files into system directories. This
    will ensure that the new copy is created with ACLs that the system
    administrator desires. The installation script can then change these ACLs if
    required.

    I might be out on a limb here, but I would actually go as far as to claim
    that any process that *moves* files out of some temporary directory has got
    the whole thing backwards. Temporary directories in secured installations
    may have very "strange" ACLs. For instance, they would typically allow
    access only for their owner, but possibly allow D for Authenticated users.
    Not what you'd like to see in your system directory.

    Regards,
    Camillo Särs

    Any opinions expressed above are mine, and do not necessarily reflect the
    opinions of my employer. 

    -- 
Camillo Särs <Camillo.SarsF-Secure.com>       http://www.iki.fi/ged/
Security Researcher, F-Secure Corporation      http://www.F-Secure.com

          F-Secure products: Securing the Mobile Enterprise

    ======================================
Delivery co-sponsored by Trend Micro, Inc.
======================================
BEST-OF-BREED ANTIVIRUS SOLUTION FOR MICROSOFT EXCHANGE 2000
Earn 5% rebate on licenses purchased for Trend Micro ScanMail for
Microsoft Exchange 2000 between October 1 and November 16. ScanMail
ensures 100% scanning of inbound and outbound traffic and provides
remote software management. For program details or to download your
30-day FREE evaluation copy:
http://www.antivirus.com/banners/tracking.asp?siS&bi$5&ul=http://www.a
ntivirus.com/smex2000_rebate