List:       bugtraq
Subject:    Re: IIS 4.0 symlinks
From:       "Branden R. Williams" <brw () NETVITALITY ! NET>
Date:       1999-06-22 15:13:45
On Fri, 18 Jun 1999, Aris Yahnis wrote:

> Find a web hosting site, create a fictitious account, make a shortcut of a
> file you would like to see ex.
> c:\winnt\profiles\administrator\ntuser.dat upload the .lnk file to the
> web server and then go ask for it.  Answer yes to open the file remotely
> ( or something like that).
>
> Now the q: Is it a feature of IIS to follow links? or is it a bug.

I am not sure of Microsoft's opinion on this, but here is mine.

The ability to follow links should be a feature to be enabled on a per
website basis.  I currently work very closely with Apache, as it runs on
many of my *nix servers.  This is something Apache can be configured to do
on a global, or per site basis.  I find this very useful on sites that I
administer when trying to save time or increase functionality.

A customer's site will not have this feature enabled because of the
security risks, but I don't see why those of us administering the servers
should not be able to have some fun :).

Of course, the general caveat to the *nix version of this is that the
file to be requested must be readable by the webserver.  So files like
/etc/shadow could not be displayed in most server configurations, but
files like /etc/passwd could be.  This is the main reason why customers do
not have the ability to use this feature.

Maybe the real question is, "Should NT allow the webserver to read files
that could cause someone to exploit a security hole?"  Or maybe "Should
those NT Administrators allow the user IIS runs under to view these
files?"

Just my $0.02.

Cheers,

Branden R. Williams <brw@netvitality.net>
Vice President, Systems - NetVitality, Inc.
http://www.netvitality.net/
Internet Commerce Specialists