Open Source and information security mailing list archives
 
Date: Tue, 8 Aug 2006 07:54:13 +0545
From: "Bipin Gautam" <gautam.bipin@...il.com>
To: "Paul Schmehl" <pauls@...allas.edu>
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: when will AV vendors fix this???

> >
> This is similar to the problem of alternative data streams.
> Essentially, the work needed to solve this problem isn't worth the
> expenditure of time and effort, because the file, in order to infect the
> system, has to be executed.  Once the file is executed "normal"
> on-access scanning will catch the exploit *if* it is known.  (If it's
> unknown, it doesn't matter anyway.)  Yes, on-demand scanning won't "see"
> the file, but even malicious files are benign until they are run.
>

I still insist, it might be a minor glitch to NOT ALLOW even admins to
access a private file directly, but it isn't an issue with Windows at
all!!!
I thought the files should be accessed via "SeTcbPrivilege" BUT it
doesn't. )O;

But hey, most of "the file undelete utilities" already do this.....
If you try reading/copying an EXISTING file (via sys admin privilege)
using (say Restorer2000 Demo) it effectively bypasses file permission
regardless if it...... & can read the file! There must be another
undocumented? API doing this???

Another note, even WINDOWS ONECARE is prone to this bug.

-bipin

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
