Re: Windows NT does not check permissions after HANDLEs are open

From: Syzop (syzat_private)
Date: Thu Aug 30 2001 - 03:58:53 PDT

Next message: Lincoln Yeoh: "Re: Web session tracking security prob. Vulnerable: IIS and ColdFusion (maybe others)"

Previous message: Jeff Jancula: "Web session tracking security prob. Vulnerable: IIS and ColdFusion (maybe others)"
In reply to: c0nceptat_private: "Windows NT does not check permissions after HANDLEs are open"
Next in thread: Thorat_private: "Re: Windows NT does not check permissions after HANDLEs are open"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

c0nceptat_private wrote:

>     The check against the ACL only occurs when the HANDLE is first opened, however. If a HANDLE is opened and permissions on the objecect subsiquently change, the original requestor of the object retains the original access-permissions.

Hi,

Isn't this normal?
At least Linux does the same: only testing permissions when you
do a open(), if you then get write rights, you have them until you close
the file. I just tested it with a little (similar) C program.
Or should it be different with ACLs/NT?

    Syzop.

Next message: Lincoln Yeoh: "Re: Web session tracking security prob. Vulnerable: IIS and ColdFusion (maybe others)"
Previous message: Jeff Jancula: "Web session tracking security prob. Vulnerable: IIS and ColdFusion (maybe others)"
In reply to: c0nceptat_private: "Windows NT does not check permissions after HANDLEs are open"
Next in thread: Thorat_private: "Re: Windows NT does not check permissions after HANDLEs are open"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Aug 30 2001 - 07:58:11 PDT