List:       ntbugtraq
Subject:    Re: Security reduction FTP service on NT4
From:       Neil McKellar <mckellar () PLANET ! EON ! NET>
Date:       1998-09-08 15:32:08

Tim Chilton wrote:
> Under NT4, with FTP from IIS installed, you need an additional "log on
> locally" privileges before you can even connect to the server - (look at
> the default privs for the I_USR_<hostname> account).

This 'log on locally' priv setting is also required if you intend to
password protect pages under the IIS 4.0 web service.  This requirement
is troublesome in other ways than the 'physical security' ones raised
above.

Here's an example which isn't even outlandish:

NT Server running IIS 4.0
FTP is available for remote customers to upload web pages
web is available to IUSR_<host> to view the web pages (i.e. the public)

Customer wishes to password protect one directory on the web site under
their upload area using a different ID than the one they use for FTP.

In order for this to work, I must create the second ID and grant it the
'log on locally' priv.  This means the ID also has FTP access and now
I have to muck about trying to ensure that the ID doesn't have access to
anything critical -- like the ability to modify the customer's pages.

It seems strange to me that there is no mechanism for me to be able to
deny people access to the box via one path and grant access via a
*different* path.  I'd rather, for instance, that the second ID in the
example above didn't have FTP access at all, but this isn't possible as
far as I can see.
--
Neil McKellar (mckellar@planet.eon.net)
