| Subject | Re: [IBDI] Path on win NT 4.0 => INTERBASE SECURITY HOLE |
|---|---|
| Author | Nando Dessena |
| Post date | 2000-05-31T13:25:49Z |
Fabrice,
run under a non-privileged account (one of the next versions, that is);
that should help closing the hole.
Nando
> On my interbase client I can create a database on the NT server with :It has been said in the Architect list that the InterBase Server should
> severname:c:\test.dll
>
> It is easy to create a database with these names:
> servername:c:\winnt\system32\kernel32.dll !!!!!!!!
> or servername:c:\winnt\profiles\administrator\ntuser.dat !!!
>
> With the administrator password (just the right to create a database) of
> interbase it's easy to crash a NT server ?!
run under a non-privileged account (one of the next versions, that is);
that should help closing the hole.
Nando