| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 20 Jun 2003 17:25:03 -0400 From: "Phillip R. Paradis" <prp17@...lphia.net> To: "'Christopher Rector'" <crector@...med.edu> Subject: RE: PALM DESKTOP SOFTWARE / WIN 2000 > -----Original Message----- > From: Christopher Rector [mailto:crector@...med.edu] > Sent: Thursday, June 19, 2003 9:11 AM > To: Scott R. Patronik > Subject: Re: PALM DESKTOP SOFTWARE / WIN 2000 > > > If a user logged in and the workstation is locked, the answer > is yes the user can still retrieve data. Provided their Palm unit's hotsync data matches one in the Palm Desktop's database, otherwise the palm desktop will prompt (the prompt appearing, of course, on the locked desktop) as to whether the new device is a replacement for an existing profile's device, or is a new device requiring a new user profile. To retrieve any useful data from a locked workstation, one would need either the target user's PDA or be able to forge the hotsync ID. (I suspect the latter to be rather trivial) I do not know what behavior Palm Desktop will exhibit if the target user's device was password protected; either the device or the software may prompt for the password before transferring data, especially data marked as private. This would, however, be something worthy of testing. > least all versions up to 4.01) Palm Desktop software had to > be installed with local Admin rights for each user on 2K, > then have that right revoked back to their normal level. The > sync software will only run on a user account that was > installed properly. > > Example: > > Joe Blow user, installed Palm desktop with admin rights. Can > function correctly. Mary Smith user, logs onto the same > machine with her account and tries to sync, it's a no go Palm > sync will not work. In my experience, admin rights are required: A. To install the software, and B. To perform the first sync operation with a given model of device. Admin rights are not needed to perform subsequent sync operations with the same device, nor are they generally needed to perform sync operations with a device that uses the same device driver as a device previously synchronized. If each user is using the same model of PDA, only the first user to perform a sync should need admin rights. (If the devices are different, i.e. a Palm device and a Handspring device, separate drivers may be needed for each, and a sync should be performed with one device of each type by a user with admin rights) Users do, however, need appropriate permissions for the directories where their Palm data is stored on the hard disk; this is normally in Program Files, where non-admins typically do not have sufficient rights to perform a sync. (Each Palm device's profile is stored in a separate directory in the Palm Desktop's main program folder. To sync a device, each user needs full control over the directory corresponding to their device's profile. In addition, new users need permission to create new profile directories)
Powered by blists - more mailing lists