Re: Windows NT does not check permissions after HANDLEs are open

From: Syzop (syzat_private)
Date: Thu Aug 30 2001 - 03:58:53 PDT

  • Next message: Lincoln Yeoh: "Re: Web session tracking security prob. Vulnerable: IIS and ColdFusion (maybe others)"

    c0nceptat_private wrote:
    
    >     The check against the ACL only occurs when the HANDLE is first opened, however. If a HANDLE is opened and permissions on the objecect subsiquently change, the original requestor of the object retains the original access-permissions.
    
    Hi,
    
    Isn't this normal?
    At least Linux does the same: only testing permissions when you
    do a open(), if you then get write rights, you have them until you close
    the file. I just tested it with a little (similar) C program.
    Or should it be different with ACLs/NT?
    
        Syzop.
    



    This archive was generated by hypermail 2b30 : Thu Aug 30 2001 - 07:58:11 PDT