Oddities in Windows ACL inheritance

From: Nicolas RUFF (lists) (ruff.listsat_private)
Date: Tue Apr 15 2003 - 08:51:36 PDT

Next message: CORE Security Technologies Advisories: "CORE-2003-0307: Snort TCP Stream Reassembly Integer Overflow Vulnerability"

Previous message: securityfocus.comat_private: "Windows 2003 win2k.sys vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

	Hi all,

Let's have a look at Windows 2000/XP ACL inheritance oddities :
1/ Create a new file named "test.txt"
2/ Break ACL inheritance and apply custom ACL
3/ Rename "test.txt" to "othertest.txt"
4/ Check that ACL has not changed

Now :
1/ Use REGEDIT and create a new key (in HKCU for example) named "key"
2/ Break ACL inheritance and apply custom ACL
3/ Rename "key" to "newkey"
4/ ACL has been reseted and is now inherited from parent !

It looks like the "rename" paradigm does not make sense for registry 
keys and REGEDIT has to create a new key, copy values, and delete the 
old key.

Bug or feature ?

Regards,
- Nicolas RUFF
-----------------------------------
Security Consultant
EdelWeb (http://www.edelweb.fr/)
Mail : nicolas.ruffat_private
-----------------------------------

Next message: CORE Security Technologies Advisories: "CORE-2003-0307: Snort TCP Stream Reassembly Integer Overflow Vulnerability"
Previous message: securityfocus.comat_private: "Windows 2003 win2k.sys vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Apr 15 2003 - 10:50:55 PDT