Re: [Full-Disclosure] Unsecure file permission of ZoneAlarm pro. (ZA will fail to load)

[James Greenhalgh <james.greenhalgh@xxxxxxxxxxxx>]

Chris Smith wrote:
> On Mon, 23 Aug 2004 07:11, bipin gautam wrote:
>
> > Not really, I've discoverd a NTFS feature (BUG?).
> > well... If you have system/administrative privilages
> > in a disk.... you can read/modify a file even though
> > it has "EVERYONE: DENY" permission set.
>
>
> OMFG!! REISERFS HAS THE SAME EXPLOIT!!!!
>
> CHECK OUT MY POC!
>
> chris@chris h4x0r $ echo "bipin sucks" >> hax
> chris@chris h4x0r $ chmod -rwx hax
> chris@chris h4x0r $ ls -alo hax
> ----------  1 chris 12 Aug 23 21:58 hax
> chris@chris h4x0r $ cat hax
> cat: hax: Permission denied
> chris@chris h4x0r $ sudo cat hax
> bipin sucks
> chris@chris h4x0r $

Chris - it's worse than we thought.  Looks like EXT3 suffers the same 
problem:

jamesgr@gradius:~> echo "4m cl3v4r" >> wtf
jamesgr@gradius:~> chmod -rwx wtf
jamesgr@gradius:~> ls -l wtf
----------  1 jamesgr users 10 2004-08-23 12:01 wtf
jamesgr@gradius:~> su
Password:
gradius:/home/jamesgr # cat wtf
4m cl3v4r
gradius:/home/jamesgr #

Obviously they must both be derived from the same code.  An IBM employee 
has clearly contributed this code simultaneously to BSD (which Microsoft 
has innocently used) and Linux, copied from UNIX(R) source which SCO owns!

THE SKY IS FALLING!  Please don't hurt me SCO!

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html