We have confirmed this POC to work and in fact provide read access to a chosen file that the initiating user didn't have read access to. https://twitter.com/Evil_Polar_Bear/status/1075605011105767424 …
-
-
That shouldn't be possible. Are you running the POC as admin?
-
Yeah, I'm failing to understand why it was possible. Perhaps something went wonky in my failed attempt? In that same VM, my "test_user" home directory gives full permissions to the newly-created "limited" account for some reason. Reverting and trying again shows the PoC workingpic.twitter.com/qJCeZyBFKy
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.