Subject | RE: [IBDI] Path on win NT 4.0 => INTERBASE SECURITY HOLE |
---|---|
Author | Claudio Valderrama C. |
Post date | 2000-06-01T03:11:09Z |
> -----Original Message-----
> From: Fabrice Vendé - INFOCOB [mailto:fabrice@...]
> Sent: Wednesday, 31 May 2000 8:30
>
> Isn't it a security hole?
> On my interbase client I can create a database on the NT server with:
> servername:c:\test.dll

If your C: drive has permissions set for the user under which IB is
running, then you can. However, privileges to write to the root of a
partition should be removed. You should follow basic NT safety practices,
even if we agree that default NT permissions are too open to many classes of
attacks.
Assuming you did that, now what follows? When trying to load this library,
NT notices the file does not have the signature of a valid shared library. How do
you replace the gdb camouflaged under test.dll with a real dll?
> It is easy to create a database with these names:
> servername:c:\winnt\system32\kernel32.dll !!!!!!!!
> or servername:c:\winnt\profiles\administrator\ntuser.dat !!!

Sure? Have you tried? Sir, please test before shouting, because NT won't
let you do so:
- To replace kernel32.dll (and other critical DLLs), you should rename it
first. This is the general rule. In the worst case, you need to put the new
dll in some place and make an entry in the registry, under
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RenameFiles
so the next time NT boots, it replaces the critical file before locking it.
Not all DLLs can be replaced by simply renaming them and then deleting them.
IB has no way to write to the registry by means of a user call, unless you
have some UDF to do that work.
- To replace ntuser.dat, there's a utility in the NT Reskit to replace
these *.dat files; it is used with a script to do a sweep of the empty
space in the registry, the same way an IB database gets rid of old record
versions. Simply put, you cannot replace registry files directly; try for
yourself. NT takes exclusive control of all the files that make up the
registry database.
> With the administrator password (just the right to create a database) of
> interbase it's easy to crash a NT server ?!

As you can see, not as easy. There's a security hole in the sense of your
users discovering the real location of the db, but you are advised to run IB
under a non-privileged user so you can restrict permissions to that user. NT
can't be crashed as easily as you suggest, especially if you run under
another user and not the System account.
If you say that you can't restrict permissions because you're using FAT and
not NTFS, for example, then there's not much point in continuing this discussion,
because with FAT even a flea can touch your files.
I agree there's a security hole, but there are known ways to lower the
threat. Any service exposed to the net that can be exploited by means of a
buffer overflow or an unrestricted dangerous command can trash the server
in the same way.
C.
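The thread above turns on one fact: a client-supplied path such as `servername:c:\winnt\system32\kernel32.dll` is handed to the server, which will create the file anywhere the service account may write. The post's mitigation is administrative (run IB under an unprivileged account, tighten NTFS ACLs). A complementary server-side control is to confine database paths to an administrator-chosen directory before touching the filesystem. The following is an added example of that check, written for this page; it is not InterBase code and not part of the original exchange. The root `C:\Databases`, the extension list and the function name are assumptions. Windows path semantics come from Python's `ntpath`, so it runs on any platform.

```python
"""Path policy for client-requested database file locations (constructed example).

Not InterBase's own logic: illustrates the server-side check that would stop a
'CREATE DATABASE' naming c:\\winnt\\system32\\kernel32.dll from ever reaching
the filesystem, independently of the NTFS ACLs on the service account.
"""
import ntpath

# Hypothetical policy: the only directory in which databases may be created.
ALLOWED_DB_ROOTS = (r"C:\Databases",)
# Hypothetical allowlist of database file extensions.
ALLOWED_EXTENSIONS = (".gdb", ".ib")


def _canonical(path: str) -> str:
    """Collapse '.' and '..', unify separators, lower-case (NTFS compares case-insensitively)."""
    return ntpath.normcase(ntpath.normpath(path))


def database_path_allowed(requested: str,
                          roots=ALLOWED_DB_ROOTS,
                          exts=ALLOWED_EXTENSIONS) -> bool:
    """Return True only if `requested` (the part after 'servername:') names a
    file strictly inside one of `roots` and carries an allowed extension."""
    # UNC shares (\\server\share) and device paths (\\.\PhysicalDrive0) are never databases.
    if requested.startswith(("\\\\", "//")):
        return False
    drive, tail = ntpath.splitdrive(requested)
    # Require a fully qualified local path: drive letter plus rooted tail.
    # 'C:test.gdb' would otherwise resolve relative to the service's current directory.
    if not drive or not tail.startswith(("\\", "/")):
        return False
    # An NTFS alternate data stream ('test.gdb:hidden') writes into a stream of a
    # file with an innocuous name; a colon only belongs in the drive specifier.
    if ":" in tail:
        return False
    canon = _canonical(requested)
    if not canon.endswith(exts):
        return False
    for root in roots:
        # Trailing separator so 'C:\DatabasesEvil\x.gdb' does not match 'C:\Databases'.
        root_c = _canonical(root).rstrip("\\") + "\\"
        if canon.startswith(root_c):
            # '..' segments were already collapsed by normpath, so a prefix match
            # here means the file really lives under the root.
            return True
    return False


if __name__ == "__main__":
    # Constructed requests, including the ones quoted in the thread.
    for req in (r"C:\Databases\test.gdb",
                r"c:\test.dll",
                r"c:\winnt\system32\kernel32.dll",
                r"C:\Databases\..\winnt\profiles\administrator\ntuser.dat",
                r"\\server\share\test.gdb",
                r"C:\Databases\test.gdb:hidden"):
        print(f"{'ALLOW' if database_path_allowed(req) else 'DENY ':5} {req}")
```

The check is a policy decision, not a substitute for ACLs: the service account should still lack write access outside the database directory, so that a bypass of the check (or a bug elsewhere in the server) cannot reach system files.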