lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Tue, 15 Apr 2003 17:51:36 +0200
From: "Nicolas RUFF (lists)" <ruff.lists@...lweb.fr>
To: bugtraq@...urityfocus.com
Subject: Oddities in Windows ACL inheritance


	Hi all,

Let's have a look at Windows 2000/XP ACL inheritance oddities :
1/ Create a new file named "test.txt"
2/ Break ACL inheritance and apply custom ACL
3/ Rename "test.txt" to "othertest.txt"
4/ Check that ACL has not changed

Now :
1/ Use REGEDIT and create a new key (in HKCU for example) named "key"
2/ Break ACL inheritance and apply custom ACL
3/ Rename "key" to "newkey"
4/ ACL has been reseted and is now inherited from parent !

It looks like the "rename" paradigm does not make sense for registry 
keys and REGEDIT has to create a new key, copy values, and delete the 
old key.

Bug or feature ?

Regards,
- Nicolas RUFF
-----------------------------------
Security Consultant
EdelWeb (http://www.edelweb.fr/)
Mail : nicolas.ruff@...lweb.fr
-----------------------------------

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ