[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    NT 4.0 default permissions
From:       Dan Shearer <itudps () lux ! levels ! unisa ! edu ! au>
Date:       1996-09-25 21:21:41
[Download RAW message or body]

I do not think this is a bug in the normal sense of the word, ie I think
that this message describes NT the way it was designed to be. Nevertheless
I suspect that people on this list would be glad of the information.

If you install an NT 4.0 workstation or server, the default permissions
on the system partition as reported by Explorer are:

   Everyone     Full Control (All) (All)

This means that building a secure, restricted-use workstation is
difficult, and that if a server becomes compromised at the share level (eg
through SMB bugs) there is no underlying file permission protection. Note
that the group Everyone includes the unpassworded Guest account (which
should always be regarded with great suspicion in any case.)

There have been several recipes developed for tightening up the security
of NT 3.51 file permissions which list what files can and cannot be
restricted. It seems that similar recipes need to be developed for NT
4.0, starting from scratch.

--
 Dan Shearer                            email: Dan.Shearer@UniSA.edu.au
 Information Technology Unit            Phone: +61 8 302 3479
 University of South Australia          Fax  : +61 8 302 3385

[prev in list] [next in list] [prev in thread] [next in thread]