lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: james.greenhalgh at worldpay.com (James Greenhalgh)
Subject: Unsecure file permission of ZoneAlarm pro.
 (ZA will fail to load)

Chris Smith wrote:
> On Mon, 23 Aug 2004 07:11, bipin gautam wrote:
> 
>>Not really, I've discoverd a NTFS feature (BUG?).
>>well... If you have system/administrative privilages
>>in a disk.... you can read/modify a file even though
>>it has "EVERYONE: DENY" permission set.
> 
> 
> OMFG!! REISERFS HAS THE SAME EXPLOIT!!!!
> 
> CHECK OUT MY POC!
> 
> chris@...is h4x0r $ echo "bipin sucks" >> hax
> chris@...is h4x0r $ chmod -rwx hax
> chris@...is h4x0r $ ls -alo hax
> ----------  1 chris 12 Aug 23 21:58 hax
> chris@...is h4x0r $ cat hax
> cat: hax: Permission denied
> chris@...is h4x0r $ sudo cat hax
> bipin sucks
> chris@...is h4x0r $

Chris - it's worse than we thought.  Looks like EXT3 suffers the same 
problem:

jamesgr@...dius:~> echo "4m cl3v4r" >> wtf
jamesgr@...dius:~> chmod -rwx wtf
jamesgr@...dius:~> ls -l wtf
----------  1 jamesgr users 10 2004-08-23 12:01 wtf
jamesgr@...dius:~> su
Password:
gradius:/home/jamesgr # cat wtf
4m cl3v4r
gradius:/home/jamesgr #

Obviously they must both be derived from the same code.  An IBM employee 
has clearly contributed this code simultaneously to BSD (which Microsoft 
has innocently used) and Linux, copied from UNIX(R) source which SCO owns!

THE SKY IS FALLING!  Please don't hurt me SCO!


Powered by blists - more mailing lists