On Mon, 23 Aug 2004 07:11, bipin gautam wrote:
Not really, I've discoverd a NTFS feature (BUG?). well... If you have system/administrative privilages in a disk.... you can read/modify a file even though it has "EVERYONE: DENY" permission set.
OMFG!! REISERFS HAS THE SAME EXPLOIT!!!!
CHECK OUT MY POC!
[EMAIL PROTECTED] h4x0r $ echo "bipin sucks" >> hax [EMAIL PROTECTED] h4x0r $ chmod -rwx hax [EMAIL PROTECTED] h4x0r $ ls -alo hax ---------- 1 chris 12 Aug 23 21:58 hax [EMAIL PROTECTED] h4x0r $ cat hax cat: hax: Permission denied [EMAIL PROTECTED] h4x0r $ sudo cat hax bipin sucks [EMAIL PROTECTED] h4x0r $
Chris - it's worse than we thought. Looks like EXT3 suffers the same problem:
[EMAIL PROTECTED]:~> echo "4m cl3v4r" >> wtf [EMAIL PROTECTED]:~> chmod -rwx wtf [EMAIL PROTECTED]:~> ls -l wtf ---------- 1 jamesgr users 10 2004-08-23 12:01 wtf [EMAIL PROTECTED]:~> su Password: gradius:/home/jamesgr # cat wtf 4m cl3v4r gradius:/home/jamesgr #
Obviously they must both be derived from the same code. An IBM employee has clearly contributed this code simultaneously to BSD (which Microsoft has innocently used) and Linux, copied from UNIX(R) source which SCO owns!
THE SKY IS FALLING! Please don't hurt me SCO!
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
