Re: Printer Sharing and M1CR0S0FT Windows98

From: Caskey L. Dickson (caskeyat_private)
Date: Wed Oct 28 1998 - 21:30:04 PST

Next message: Darren Reed: "Firewall-1 insecurity."

Previous message: brian j. pardy: "Re: Sendmail, lynx, Netscape, sshd, Linux kernel (twice)"
Maybe in reply to: enaydat_private: "Printer Sharing and M1CR0S0FT Windows98"
Next in thread: Ryan Russell: "Re: Printer Sharing and M1CR0S0FT Windows98"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 28 Oct 1998, Neale Banks wrote:

> >         It seems that when you share a printer in windows 98, it'll create a
> > share called "PRINTER$" - which is actually your C:\Windows\System directory.
> > It is not password protected and you can view everything in your C:\Windows\System directory... even if your printer is shared with a password.
>
> IIRC, this has been around for a long time (not that it excuses its
> persistence) - the excuse, FWIW, being that the share is used to export
> the printer's drivers.

This share does not share everything per se.  Rather it appears to be
somehow selective.  For example, the password lists (username.pwl) are not
shared, neither are many of the directories under there.  The
sub-directories that were shared on my system were:

  VMM32
  IOSUBSYS
  COLOR
  IE4Setup

The first two contain VXDs (virtual device drivers I believe).  The second
contains .ICM files, I don't know what they are.  While the last contains
a directory named plugins and a single DLL.  I believe we did an uninstall
of IE on this machine so perhaps it used to have the install software for
IE on it.  That would be a nice feature, automatically share your install
software for IE.

Simply placing a file in that directory named x.dll isn't sufficient to
enable it's appearance in the list.  The entry must be elsewhere, perhaps
the registry.

Easy way to make a difficult-to-detect trojan, add more files to the share
list under PRINTER$ then quitely take the files when nobody is looking.

> If MS really _must_ do this, then it would it not be smarter to put the
> printer drivers in a separate directory and export that?

I would tend to agree with you there.

C=)

--------------------------------------------------------------------------
    Heuer's Law: Any feature is a bug unless it can be turned off.
--------------------------------------------------------------------------
Caskey <caskey*technocage.com>       ///                pager.818.698.2306
TechnoCage Inc.                     ///|               gpg: aiiieeeeeee!!!
--------------------------------------------------------------------------
    Early bird gets the worm, but the second mouse gets the cheese.

Next message: Darren Reed: "Firewall-1 insecurity."
Previous message: brian j. pardy: "Re: Sendmail, lynx, Netscape, sshd, Linux kernel (twice)"
Maybe in reply to: enaydat_private: "Printer Sharing and M1CR0S0FT Windows98"
Next in thread: Ryan Russell: "Re: Printer Sharing and M1CR0S0FT Windows98"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:21:26 PDT