[LINK] RFI: Intrusive Internet Mechanisms

Kim Holburn kim at holburn.net
Thu Dec 2 17:10:30 AEDT 2010


I was going to say, I think you need to do this on the \flashplayer\ directory not just the \sys\ directory.  Flash stores its cookies through various directories under the \flashplayer\ directory.

On 2010/Dec/02, at 4:00 PM, rene wrote:

> On Wed, 1 Dec 2010 22:19:56 +1000, I wrote:
>> On Wed, 1 Dec 2010 21:43:09 +1100, Kim Holburn wrote:
>>> I don't know if this will work but try this:
>>> delete the \sys\ directory and replace it with a file, say a new
>>> empty text file named "sys".  Make it owned by administrator or
>>> "system" if you can.
>> 
>> Thanks but I'm almost certain that won't work. Having become curious
>> and looking around, it seems almost certain that Windows (XP and
>> various other more recent versions) uses the "Read Only" attribute in
>> dir/file properties box to determine whether or not the folder is
>> customized for the purposes of merely *displaying* the listing in
>> Windows Explorer (file directory program).
> [...]
>> It appears that it's theoretically possible to change this default
>> behaviour (according to Microsoft web site and various tech sites)
>> but doing so requires editing the Windows registry (NB: a dangerous
>> proposition for most typical Windows users).
> 
> I've now figured out how to deny write access to a Windows file directory 
> without editing the Windows registry, so that Flash Player can't 
> write/create site domain name sub-directories and files in the 
> ...\macromedia.com\support\flashplayer\sys\ directory (which as I mentioned 
> earlier today is not prevented by setting global preferences to storage=0 
> via the Adobe site interface).
> 
> Following is a very brief outline on how to do that. Obviously, stop 
> reading here if not interested in Windows 'security' options/configuration.
> 
> Note: I do not suggest, let alone recommend, that anyone try to do the 
> following unless they already have a pretty good tech knowledge about 
> Windows in general, file attributes, setting controls on user 
> accounts/administrator accounts and so on (and record what they changed so 
> they can reverse it if it later on turns out to be causing any problem).
> 
> The basic difficulty with setting directories to deny write access (or 
> read-only) in various versions of Windows is that default installs do not 
> necessarily enable access to "Administrator" account, nor do they show a 
> "Security Tab" when one right clicks on a file directory name and selects 
> the "Properties" pop up dialog box. 
> 
> If one is using Windows XP *Home* (and probably Vista, which may or may not 
> have 'Home' and 'Pro' versions), then a means of getting access to the 
> Administrator account, and/or the "Security Tab" on a file directory 
> Property dialog box is to boot the computer in Windows "Safe Mode". 
> 'Miraculously' that enables Administrator log-on, and the "Security Tab" in 
> file directory properties box becomes visible. (Apparently in Windows XP 
> *Pro* the "Security Tab" is visible by default -according to claims on 
> various web sites about this issue). Booting into Safe Mode is an 
> 'interesting' exercise itself, because 'how-to' instructions on various web 
> sites about that do not necessarily work. If one suggested method does not 
> work, then search further until a method that does work is found.
> 
> Once one has found a way to see/open the "Security Tab", then in that 
> there's options to set a directory to deny write access. Having logged onto 
> Windows as Administrator, then denying write access to the 
> ...\flashplayer\sys\ directory by the user account name that my computer 
> typically uses when logging onto Windows, the result is that I (when logged 
> on with normal Windows user name) am not able to write to the /sys/ directory, 
> and therefore sites running Flash are not able to do that either. Flash videos 
> on e.g. ABC iView still run fine (without creating site domain file 
> directories under /sys/). 
> 
> It remains to be seen whether I'll ever discover some problem resulting 
> from having denied write access to the /sys/ directory.
> 
> Also, btw, because the Adobe site global settings.sol file is in the /sys/ 
> directory, setting that directory to deny write access also has the effect 
> of preventing a computer user from creating or changing their preferences on 
> the Adobe site and having same written to the global settings.sol file. (I 
> established a global settings.sol file before denying write access, and so 
> if I ever decide I want or need to change those settings, I'd need to 
> change the directory attributes first).
> 
> Obviously all of that is un-user-friendly, should not be 'necessary', etc. 
> and probably for a lot of people not worth the effort. I just got 
> sufficiently curious and annoyed about not having control of what other 
> people/businesses can write to my computer, to spend some time figuring out 
> how I could implement imo better control.
> 
> Irene
> 
> _______________________________________________
> Link mailing list
> Link at mailman.anu.edu.au
> http://mailman.anu.edu.au/mailman/listinfo/link

-- 
Kim Holburn
IT Network & Security Consultant
T: +61 2 61402408  M: +61 404072753
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request 
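
The deny-write setting discussed in this thread can also be applied from an elevated PowerShell session rather than through the Security tab. The script below is an added example, not part of the original posts; it assumes a Windows version with PowerShell 3 or later, and `$Path`, `$Account` and the `acl-changes.txt` record file are placeholders chosen for illustration. The inheritance flags make the deny entry apply to every sub-directory and file under the chosen directory, which covers the point about cookies being stored in various directories under \flashplayer\.

```powershell
# Added example: deny one account write access to a directory tree,
# keep a record of the previous ACL, and allow the change to be reversed.
param(
    [Parameter(Mandatory)] [string] $Path,     # e.g. the ...\flashplayer directory
    [Parameter(Mandatory)] [string] $Account,  # hypothetical, e.g. "MYPC\dailyuser"
    [switch] $Revert                           # remove the deny entry again
)
$ErrorActionPreference = 'Stop'

# Deny "Write" (create files/folders, append, change attributes) on the
# directory itself, its sub-directories and the files inside them.
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $Account,
    [System.Security.AccessControl.FileSystemRights]::Write,
    [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AccessControlType]::Deny)

$acl = Get-Acl -LiteralPath $Path

if ($Revert) {
    # Removes only the deny entry this script added; other entries are untouched.
    [void]$acl.RemoveAccessRule($rule)
} else {
    # Record the ACL as it was before the change (SDDL text form).
    $record = "{0}`t{1}`t{2}" -f (Get-Date -Format s), $Path, $acl.Sddl
    Add-Content -LiteralPath (Join-Path $env:USERPROFILE 'acl-changes.txt') -Value $record
    $acl.AddAccessRule($rule)
}
Set-Acl -LiteralPath $Path -AclObject $acl

# Show the deny entries now present so the result can be checked.
(Get-Acl -LiteralPath $Path).Access |
    Where-Object { $_.AccessControlType -eq 'Deny' } |
    Format-Table IdentityReference, FileSystemRights, InheritanceFlags -AutoSize
```

Because deny entries take precedence over allow entries, the account loses write access even if it belongs to a group that grants it; running the script again with `-Revert` removes the entry.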