From: Microsoft Product Security Response Team [secure@MICROSOFT.COM]
Sent: Tuesday, November 02, 1999 10:47 PM
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Subject: Re: SCSI port device is backdoor to disk access

Hi All -

We did an investigation of this issue and, while it does reproduce in some
cases, it's not a Windows NT issue.  The problem lies in the security of the
third-party SCSI drivers.  Regards,

Secure@microsoft.com

>
> -----Original Message-----
> From: Eric Gisin [mailto:ericg@TECHIE.COM]
> Sent: Monday, November 01, 1999 9:44 AM
> To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
> Subject: SCSI port device is backdoor to disk access
>
>
> Windows NT restricts fixed disk access to Administrators.
> These are the
> \\.\PhysicalDrive# and \\.\X: devices. However, there are
> SCSI port devices
> that are not restricted, the \\.\SCSI#: devices.
>
> I noticed that ASPI based benchmarks could be run by anyone.
> ASPI opens the
> SCSI device and can do disk IO using SCSI commands. Examples
> are Adaptec
> SCSI Bench and asbnch32 from www.winimage.com. The latter
> includes source,
> which could be modified to edit disks.
>
> Note that fixing the SCSI device permissions will disable all
> CD burning
> software and other ASPI utilities for non admins. Oh, EIDE
> drives can also
> be accessed through the ATAPI miniport.
>