lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <C6AF3ECACA6E9A46A2CB2FABCDCB35C40CE9AA6D@swilnts810.wil.fusa.com>
Date: Tue, 20 Feb 2007 16:19:30 -0500
From: <Glenn.Everhart@...se.com>
To: <vik@...nd.com>, <full-disclosure@...ts.grok.org.uk>
Subject: Re: Searching chroot-like jail for Windows

There is something called "sandboxie" that seems to do this same kind of thing. Programs run inside the sandbox
can read whatever you allow, but writes get done to other directories so that it is more difficult for a rogue app to corrupt
anything outside the area it is allowed to write to. 
 
-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-bounces@...ts.grok.org.uk]On Behalf Of Victor Krapivin
Sent: Tuesday, February 20, 2007 3:54 PM
To: full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] Searching chroot-like jail for Windows



Hello,




TB> You can duplicate this behavior by using multiple accounts

TB> and using runas (which is essentially, from what I gather, what

TB> winquota does.)




Hmm, it is not the same as I see. WinJail also provides way to re-map such folders like c:\* -> c:\NewPlace\* at file system level for every application, so such process (and all sub-processes) being accessing to c:\* files will use files from c:\NewPlace\* for all file operations instead.




So there is most interesting issue from this tool is ability to make chroot()-like environment, not managing additional permissions ;-) 




Best regards,

 Victor






**********************************************************************
This transmission may contain information that is privileged, confidential, legally privileged, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. Although this transmission and any attachments are believed to be free of any virus or other defect that might affect any computer system into which it is received and opened, it is the responsibility of the recipient to ensure that it is virus free and no responsibility is accepted by JPMorgan Chase & Co., its subsidiaries and affiliates, as applicable, for any loss or damage arising in any way from its use. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you.
**********************************************************************


Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ