Head in a blender

Moderating a security forum on LotusUserGroup.org - a security hole a day

Andy Pedisich  March 9 2009 08:00:00 AM
This week I am hosting a Sneak Peek of The View's Admin/Dev 2009 conference at LotusUserGroup.org by moderating a forum.  I know I've mentioned this before.

Each day this week I will try to blog one of the Security Holes that I am covering in my session called "40 Security Holes and How To Fill Them."  Today I want to share a tidbit that smacked me in the face the first time I discovered it.  

What do you think is the most dangerous privilege to the address book that you can hand out?  If you say Manager, you're close.  From my perspective, it's actually the lowly old Editor access, even without the delete privilege added on.

Many administrators are under the impression that you can control what an Editor does by assigning them to roles.  For example, if you give an administrator Editor access along with the user modifier/creator roles, the assumption is that they'll be restricted to modifying nothing but person documents.  This is not true.

An administrator with Editor access can edit any and all documents, and roles do nothing to narrow that.  The most dangerous document is the server document, where they can quietly give themselves Full Access Administrator privileges.  And unless you have an event handler configured to let you know when "Full Access Administrator" shows up on the console, you'll never know when they put the privilege to use.

Scary, isn't it?  Makes you want to look at the directory ACL right now to see how it's set.  Only the most trusted individuals should be given editor access to the Domino directory.
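As an added example (not from the original post), here is a LotusScript agent that audits the Domino Directory ACL and lists every entry holding Editor access or higher, along with its roles and delete privilege, so you can see who could change a server document regardless of the roles they've been given.  It assumes the directory is names.nsf and that SERVER_NAME is replaced with your server's canonical name.

```lotusscript
' Audit names.nsf for ACL entries that can edit any document.
' Roles are shown only for reference: as the post explains, a role does
' not restrict what an Editor may change, so the Level is what matters.
Option Public
Option Declare

Const SERVER_NAME = "CN=YourServer/O=YourOrg"   ' placeholder, replace
Const DIRECTORY_FILE = "names.nsf"

' Numeric ACL levels as documented for NotesACLEntry.Level
Const LEVEL_EDITOR = 4     ' ACLLEVEL_EDITOR
Const LEVEL_DESIGNER = 5   ' ACLLEVEL_DESIGNER
Const LEVEL_MANAGER = 6    ' ACLLEVEL_MANAGER

Sub Initialize
	Dim session As New NotesSession
	Dim db As NotesDatabase
	Dim acl As NotesACL
	Dim entry As NotesACLEntry
	Dim levelName As String
	Dim roleList As String

	Set db = session.GetDatabase(SERVER_NAME, DIRECTORY_FILE)
	If db Is Nothing Then Exit Sub
	If Not db.IsOpen Then
		Print "Cannot open " & DIRECTORY_FILE & " on " & SERVER_NAME
		Exit Sub
	End If

	Set acl = db.ACL
	Set entry = acl.GetFirstEntry
	Do While Not entry Is Nothing
		' Editor, Designer and Manager can all rewrite the server document
		If entry.Level >= LEVEL_EDITOR Then
			Select Case entry.Level
			Case LEVEL_EDITOR
				levelName = "Editor"
			Case LEVEL_DESIGNER
				levelName = "Designer"
			Case Else
				levelName = "Manager"
			End Select
			roleList = ""
			ForAll r In entry.Roles
				roleList = roleList & r & " "
			End ForAll
			Print entry.Name & " : " & levelName & _
				" | delete=" & CStr(entry.CanDeleteDocuments) & _
				" | roles=" & Trim(roleList)
		End If
		Set entry = acl.GetNextEntry(entry)
	Loop
End Sub
```

Run it as a manual agent from Designer, or schedule it to print into the agent log so that any new Editor-or-above entry in the directory ACL is noticed.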

- Andy
