I have discovered that when I start Adobe Photoshop Album (Starter Edition
3.2) as a limited user it displays not only pictures stored for that limited
user but also pictures contained in folders to which the limited user is
denied access!

I believe this might be a general security problem and should like to know
what properties for either (and most likely) the application or the files
probably have undesired settings (by default?)

The application security properties specify four user groups, two of which
seem interesting: SYSTEM and INTERACTIVE, but I do not quite understand what
they represent. (The two others are the administrator and the administrators
group). And if I try to make changes that I would guess are what I want I
get warning messages to the effect that my changes will have side effects I
most certainly do not want.



Can anyone give me som hints on where to begin looking?

regards Sven

"Sven Pran" <no.direct@xxxxxx> wrote in message
news:#Gawd8#vIHA.4912@xxxxxx

> I have discovered that when I start Adobe Photoshop Album (Starter Edition
> 3.2) as a limited user it displays not only pictures stored for that
> limited user but also pictures contained in folders to which the limited
> user is denied access!
>
> I believe this might be a general security problem and should like to know
> what properties for either (and most likely) the application or the files
> probably have undesired settings (by default?)

How have you determined that "the limited user is denied access" to these
files?

If you've tried to access the folder from Explorer, or tried to access the
files from, say, the Windows Live Photo Gallery, and you've been told you
have no permissions to view the files, that's pretty conclusive that you are
prevented from accessing those images, as a limited user, by NTFS
permissions.

However, one problem that is relatively common in search tools is that they
build search results on a system-wide, rather than per-user, basis.
Typically, such a search tool will install a service that runs as SYSTEM or
an account that is a member of the Administrators group. This service runs
in the background whenever the computer is switched on, and scans for files
to add to its collection. When the search interface is run by a user, then,
it will communicate to the search service - and the search service has to
decide what information to provide to the user.

A well-written search service will verify the user's access permissions to
the files that are in its index - a poorly-written search service will allow
any user to access information on any item in its index, and may even grant
access to the file itself, if it is particularly badly designed.

Is this program allowing you full access to the images it finds, or merely
thumbnails and attributes? Obviously, either is a sign that the application
is not correctly enforcing security boundaries that it has opened.

> The application security properties specify four user groups, two of which
> seem interesting: SYSTEM and INTERACTIVE, but I do not quite understand
> what they represent. (The two others are the administrator and the
> administrators group). And if I try to make changes that I would guess are
> what I want I get warning messages to the effect that my changes will have
> side effects I most certainly do not want.

SYSTEM is reserved for code that is running in the context of the operating
system itself - in many respects, this is more powerful than the
Administrator account.

INTERACTIVE is not a traditional group - it doesn't have members listed, for
instance - but any time you log on through an interactive session (at the
console, or with Remote Desktop, say), this group is added to the list of
groups that your session has as memberships.

If the INTERACTIVE group is given access to a file, that file can be
accessed by anyone logging on interactively.

> Can anyone give me som hints on where to begin looking?

I hope I've given you something to go on with the above information.

If you have given the INTERACTIVE group read access to these images, then
there is no bug - you've told the system that anyone can access these files
provided that they're logged on interactively to the system.

If the only legitimate access to the files is allowed through rights granted
to Administrator, the Administrators group, and the SYSTEM account, then you
need to ask the publisher of this software for support to address this
issue.

Alun.
~~~~
--
Texas Imperial Software | Web: http://www.wftpd.com/
23921 57th Ave SE | Blog: http://msmvps.com/blogs/alunj/
Woodinville WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.

Thanks for this comment, I have inserted answers to your questions in the
text below
"Alun Jones" wrote

> "Sven Pran" wrote

>> I have discovered that when I start Adobe Photoshop Album (Starter
>> Edition
>> 3.2) as a limited user it displays not only pictures stored for that
>> limited user but also pictures contained in folders to which the limited
>> user is denied access!
>>
>> I believe this might be a general security problem and should like to
>> know
>> what properties for either (and most likely) the application or the files
>> probably have undesired settings (by default?)

>
> How have you determined that "the limited user is denied access" to these
> files?
>
> If you've tried to access the folder from Explorer, or tried to access the
> files from, say, the Windows Live Photo Gallery, and you've been told you
> have no permissions to view the files, that's pretty conclusive that you
> are
> prevented from accessing those images, as a limited user, by NTFS
> permissions.

I navigate from the "Start" icon through "Computer", "OS(C, "Users" to
"Owner" and receives the message: 'You don't currently have permission to
access this folder'.

The messagebox offers me clicking "Continue" to get access, and then I have
to type in the correct password.

No similar routine is requested by Adobe Photoshop Album

>
> However, one problem that is relatively common in search tools is that
> they
> build search results on a system-wide, rather than per-user, basis.
> Typically, such a search tool will install a service that runs as SYSTEM
> or
> an account that is a member of the Administrators group. This service runs
> in the background whenever the computer is switched on, and scans for
> files
> to add to its collection. When the search interface is run by a user,
> then,
> it will communicate to the search service - and the search service has to
> decide what information to provide to the user.

In Windows Task manager I can see "apdproxy.exe" running as a process under
my limited username all the time, but I see no other process or service that
appears associated with Adobe running (as for instance SYSTEM)

>
> A well-written search service will verify the user's access permissions to
> the files that are in its index - a poorly-written search service will
> allow
> any user to access information on any item in its index, and may even
> grant
> access to the file itself, if it is particularly badly designed.
>
> Is this program allowing you full access to the images it finds, or merely
> thumbnails and attributes? Obviously, either is a sign that the
> application
> is not correctly enforcing security boundaries that it has opened.

I believe this is the most important question: When in the display by Adobe
I try to copy or open the indicated picture I get a message that files are
missing. Apparently what I see are just catalog entries created when these
pictures were originally imported from my camera, something i did as my
limited user. Next I moved the pictures I wanted to protect from general
access over to the administrator user but obviously the catalog entries were
not deleted automatically.

What I must do (and i am going to try just that) is to manually delete all
such pictures from the catalog so that they only remains in the protected
folders.
..

>> The application security properties specify four user groups, two of
>> which
>> seem interesting: SYSTEM and INTERACTIVE, but I do not quite understand
>> what they represent. (The two others are the administrator and the
>> administrators group). And if I try to make changes that I would guess
>> are
>> what I want I get warning messages to the effect that my changes will
>> have
>> side effects I most certainly do not want.

>
> SYSTEM is reserved for code that is running in the context of the
> operating
> system itself - in many respects, this is more powerful than the
> Administrator account.
>
> INTERACTIVE is not a traditional group - it doesn't have members listed,
> for
> instance - but any time you log on through an interactive session (at the
> console, or with Remote Desktop, say), this group is added to the list of
> groups that your session has as memberships.
>
> If the INTERACTIVE group is given access to a file, that file can be
> accessed by anyone logging on interactively.
>

>> Can anyone give me som hints on where to begin looking?

>
> I hope I've given you something to go on with the above information.

You most certainly have, and i am very grateful!.

>
> If you have given the INTERACTIVE group read access to these images, then
> there is no bug - you've told the system that anyone can access these
> files provided that they're logged on interactively to the system.

That added to my understanding, and I shall keep it in mind.

I suppose INTERACTIVE then includes the user that is actually logged on from
the desktop, or is it only user(s) logged on for instance from other
computers on my LAN?

> If the only legitimate access to the files is allowed through rights
> granted to Administrator, the Administrators group, and the SYSTEM
> account, then you need to ask the publisher of this software for support
> to address this issue.
>
> Alun.
> ~~~~

And thanks again for your comments.

regards Sven