Um - Let's see - if its set as a system envrionment variable, any session created will automatically have access to that variable.
------------------------------------------------------ Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA > -----Original Message----- > From: Depp, Dennis M. [mailto:deppdm@;ornl.gov] > Sent: Wednesday, November 13, 2002 10:09 AM > To: NT 2000 Discussions > Subject: RE: Securing Webserver was RE: Active Directory > Password Policy G rief. > > > How will an attacker find the COMSPEC variable in the first place. > > Dennis > > -----Original Message----- > From: "Lum, David" <[EMAIL PROTECTED]> > Sent: 11/13/02 9:55:32 AM > To: "NT 2000 Discussions" <[EMAIL PROTECTED]> > Subject: RE: Securing Webserver was RE: Active Directory > Password Policy G rief. > > Wouldn't an attacker utilize the comspec variable to run > the program in the > first place? > > Dave Lum - [EMAIL PROTECTED] > Sr. Network Specialist - Textron Financial > 503-675-5510 > > > -----Original Message----- > From: James Winzenz [mailto:james.winzenz@;inovis.com] > Sent: Wednesday, November 13, 2002 06:42 AM > To: NT 2000 Discussions > Subject: RE: Securing Webserver was RE: Active Directory > Password Policy > G rief. > > > It may have been for IIS 4.0, but certainly isn't listed > in Microsoft's > recommended steps for securing IIS 5.0 (at least, not > that I saw). That > being said, to change the location for cmd.exe, you need > to go into the > environmental variables (properties of my computer, > advanced, environmental > variables button). Under system variables, edit ComSpec > (cmd.exe) and > change it to to the new location. > > James Winzenz, MCSE, A+ > Associate Systems Administrator > InovisTM, formerly Harbinger and Extricity > > > -----Original Message----- > From: Depp, Dennis M. [mailto:deppdm@;ornl.gov] > Sent: Wednesday, November 13, 2002 9:34 AM > To: NT 2000 Discussions > Subject: RE: Securing Webserver was RE: Active Directory > Password Policy G > rief. > > > Actually in securing NT 4.0, Microsoft recommended either > moving these files > to a different location or setting more restrictive ACLs > on these files. > There was a hack for IIS called directory traversal. In > this attack, the > attacker utilizes the default location for webroot and > the default location > for the system files to traverse up the directory to c:\ > and then back to > cmd.exe. This can be done with no privledge elevation. > If cmd.exe is > moved, or if the IUSR account doe not have execute > priveleges, the attacker > is not able to exploit the directory traversal > vulnerability. This is just > one example of a known vulnerability. The next > vulnerability may also > utilize the known locations of certain tools. If the > tools are moved, the > attack is blocked. While I would not rely only on moving > these tools, it is > still a valid and effective defense. > > Dennis Depp > > ------ > You are subscribed as [EMAIL PROTECTED] > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe send a blank email to %%email.unsub%% > > > > ------ > You are subscribed as [EMAIL PROTECTED] > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe send a blank email to %%email.unsub%% > ------ You are subscribed as [email protected] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED]
