Path: utzoo!attcan!uunet!snorkelwacker!tut.cis.ohio-state.edu!ukma!rutgers!news-server.csri.toronto.edu!utgpu!ria!pruss
From: pruss@ria.ccs.uwo.ca (? pruss)
Newsgroups: alt.hackers
Subject: Execute only files on Novell
Message-ID: <445@ria.ccs.uwo.ca>
Date: 7 Jun 90 14:41:50 GMT
Organization: University of Western Ontario, London
Lines: 21
Approved: AlessandroRobertoPotterinni@130.18.64.3

The Execute-Only attribute in Novell NetWare seems to be rather poorly implemented. While much care is put into making certain that the attribute is permanent and cannot be revoked by any user (not even supervisor), with a little care and ingenuity any JoeHacker-User with execute privileges to that file can copy it. In fact I have even been able to write a program that makes it possible for any user to run it and subsequently copy ANY exec-only file.

Please note I have distributed neither my program nor specific data on how this is done.

The cause of this security gap seems to be the fact that for exec-only files the server queries the workstation whether it is executing the program and thus is allowed to read it, or whether it is just reading it. The workstation can, of course, lie...

I am wondering whether anyone has hacked NetWare to make exec-only more secure?

pruss@ria.ccs.uwo.ca // pruss@ria.uucp