> -----Original Message-----
> From: Jason Lopes [mailto:Jason (at) rga (dot) com [email concealed]]
> Sent: Tuesday, October 29, 2002 8:59 AM
> To: focus-ms (at) securityfocus (dot) com [email concealed]
> Subject: RE: WINNT security priviledge escalation attack
>
>
> I believe that if you format the drive during OS installation
> the default
> is:
>
> Quote --
> WINNT is writeable by Power Users and
> Administrators, while normal users have only read and execute
> access. Similarly, on a Win2K server I just checked out,
> Server Operators and Administrators have write access, but
> again normal users can only read and execute.
> End Quote --
>
> but if you install the OS as a fat partition and convert it I
> believe Everyone gets full control across the board.
>
Installing Win2K or WinNT on a FAT partition is just a Bad Idea(tm) if
you want your system to be secure. This isn't the only issue that
converting from FAT or having FAT partitions on your system creates.
Bottom line is for a secure Windows server or workstation, FAT is right
out. The operating system can't protect resources properly on a FAT
partition.
> -----Original Message-----
> From: Jason Lopes [mailto:Jason (at) rga (dot) com [email concealed]]
> Sent: Tuesday, October 29, 2002 8:59 AM
> To: focus-ms (at) securityfocus (dot) com [email concealed]
> Subject: RE: WINNT security priviledge escalation attack
>
>
> I believe that if you format the drive during OS installation
> the default
> is:
>
> Quote --
> WINNT is writeable by Power Users and
> Administrators, while normal users have only read and execute
> access. Similarly, on a Win2K server I just checked out,
> Server Operators and Administrators have write access, but
> again normal users can only read and execute.
> End Quote --
>
> but if you install the OS as a fat partition and convert it I
> believe Everyone gets full control across the board.
>
Installing Win2K or WinNT on a FAT partition is just a Bad Idea(tm) if
you want your system to be secure. This isn't the only issue that
converting from FAT or having FAT partitions on your system creates.
Bottom line is for a secure Windows server or workstation, FAT is right
out. The operating system can't protect resources properly on a FAT
partition.
Regards,
Corey Snow
[ reply ]