|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Corey Snow (Corey.Snow_at_us.logical.com)
Date: Wed Oct 30 2002 - 11:18:17 CST
> -----Original Message-----
> From: Jason Lopes [mailto:Jason
rga.com]
> Sent: Tuesday, October 29, 2002 8:59 AM
> To: focus-mssecurityfocus.com
> Subject: RE: WINNT security priviledge escalation attack
>
>
> I believe that if you format the drive during OS installation
> the default
> is:
>
> Quote --
> WINNT is writeable by Power Users and
> Administrators, while normal users have only read and execute
> access. Similarly, on a Win2K server I just checked out,
> Server Operators and Administrators have write access, but
> again normal users can only read and execute.
> End Quote --
>
> but if you install the OS as a fat partition and convert it I
> believe Everyone gets full control across the board.
>
Installing Win2K or WinNT on a FAT partition is just a Bad Idea(tm) if
you want your system to be secure. This isn't the only issue that
converting from FAT or having FAT partitions on your system creates.
Bottom line is for a secure Windows server or workstation, FAT is right
out. The operating system can't protect resources properly on a FAT
partition.
Regards,
Corey Snow
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]