as i said, any exploit will be in shellcode anyway, so it is just a quick system() call.
On Thu, 14 Mar 2002, leon wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Why not just move Cmd.exe to a different place. Most of these > website attacks will go after the default place because that is where > most users have it. I know it is security through obscurity but it > makes another hurdle / layer / hoop for the attacker to jump through. > > All the best, > > Leon > > - -----Original Message----- > From: Curious George [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, March 12, 2002 12:59 PM > To: [EMAIL PROTECTED] > Subject: Restricting cmd.exe access > > > > This is a slight off shoot of the scary site post. What > are the potential ramifications of restricting "system" > access to cmd.exe? My thought is with all the MS > exploits that are gaining access via some service > running in the system context, this would be a great > way to mitigate the potential impact. Thoughts? > > I am also thinking, ok this is going to inhibit using the > scheduler service under the system account to run > local batches, as well as any stored procedure in > SQL that accesses the command shell, but services > could be run in another context and still have access > to the command shell... > > Am I way off with this? Will this break something that I > am just not seeing? > > TIA > Curious. > > -----BEGIN PGP SIGNATURE----- > Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> > > iQA/AwUBPJDpddqAgf0xoaEuEQKXxwCgoNYByJMqDSapbmEoNjZC2Kv8ZzQAnRx5 > yzSA1ULdq0m/p1hQW2iwyQPm > =2H2Q > -----END PGP SIGNATURE----- >
