Is it possible to use WeChat (Weixin) more safely in recent versions of Android by using permissions?

I assume that anything written or read on WeChat is read by the government of the People’s Republic of China. I understand the risks of that.

However, I would like to understand the implications of using WeChat for other data on my device. With earlier versions of Android, you had to grant all an app’s permission requests in order to use it, and WeChat demanded every possible permission. More recent versions of the OS allow users to grant or deny permissions in groups. Is there a combination of permissions which would allow WeChat to function as a chat/messenger app, but prevent it from reading other data on my device?

Bell-LaPadula permissions

I have to find Read/Write permissions in this exercise.

  • Security Levels = Low < Medium < High
  • Categories = A, B

Subject: Alice

  • label(Alice) = (M, {A})

Objects:

  • label(o1) = (L, {A,B})
  • label(o2) = (L, {})
  • label(o3) = (M, {B})
  • label(o4) = (H, {A,B})

I draw all information flows:

enter image description here

and so I found the permissions:

  • o1 : none
  • o2 : read
  • o3 : none
  • o4 : write

But the solution will be: none + read + none + none

Where is the problem in my solution?


In the exercise there’s an Access Control Matrix too. But the subject of the matrix isn’t Alice but Bob.

  • M[Bob, o1] = RW
  • M[Bob, o2] = R
  • M[Bob, o3] = RW
  • M[Bob, o4] = R

If I consider the ACM for Alice, the permission for o4 is None (as in the solution) because of the DS-Property of the BLP model.

Is there a way to find a correct solution without the ACM, or was my Professor wrong in writing the exercise (subject in ACM)?

Thank you for attention. I hope you can help me!
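
An added worked example (not part of the original question): the exercise's labels evaluated under the common textbook reading of Bell-LaPadula, where a subject may read an object whose label it dominates, may write an object whose label dominates its own, and the ds-property additionally requires the right to be present in the access control matrix. It assumes the four object labels are o1 to o4 in the order listed and, as the asker considers, applies the matrix row given for Bob to Alice; `Label`, `mac_rights`, `effective_rights` and `evaluate` are names made up for this example.

```python
from dataclasses import dataclass

LEVELS = {"L": 0, "M": 1, "H": 2}  # Low < Medium < High, as in the exercise


@dataclass(frozen=True)
class Label:
    level: str
    cats: frozenset

    def dominates(self, other):
        """(l1, C1) dominates (l2, C2) iff l1 >= l2 and C1 is a superset of C2."""
        return LEVELS[self.level] >= LEVELS[other.level] and self.cats >= other.cats


def label(level, *cats):
    return Label(level, frozenset(cats))


def mac_rights(subject, obj):
    """Rights allowed by the mandatory rules alone (no matrix consulted)."""
    rights = set()
    if subject.dominates(obj):   # simple security property: no read up
        rights.add("R")
    if obj.dominates(subject):   # *-property: no write down
        rights.add("W")
    return rights


def effective_rights(subject, obj, acm_entry):
    """ds-property: a right must also appear in the access control matrix."""
    return mac_rights(subject, obj) & set(acm_entry)


ALICE = label("M", "A")
OBJECTS = {"o1": label("L", "A", "B"), "o2": label("L"),
           "o3": label("M", "B"), "o4": label("H", "A", "B")}
# Assumption: the exercise gives this row for Bob; it is applied to Alice here.
ACM_ROW = {"o1": "RW", "o2": "R", "o3": "RW", "o4": "R"}


def evaluate():
    """Map each object to (mandatory-only rights, rights after the matrix)."""
    return {name: (mac_rights(ALICE, obj), effective_rights(ALICE, obj, ACM_ROW[name]))
            for name, obj in OBJECTS.items()}


if __name__ == "__main__":
    for name, (mac, eff) in evaluate().items():
        print(name, "MAC only:", sorted(mac) or "none", "| with ACM:", sorted(eff) or "none")
```

The two columns differ only for o4: the mandatory rules alone permit a write, and intersecting with a matrix entry of R leaves nothing.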

SSRS 2017 permissions required to deploy

I’m having issues with one of our developers deploying reports to SSRS: they seem to be able to deploy datasets, but not the reports themselves. As a temporary measure, we’ve granted all privileges, e.g. Content Manager, Publisher etc., and also sysAdmin on SQL Server, yet they are not able to deploy reports. However, a developer with what appear to be the same permissions (sysAdmin and all privileges in SSRS) can deploy without issue. The error message can be seen below:

"The permissions granted to user 'Domain\Username' are insufficient for performing this operation." 

Permissions required for row counts to show up on Object Explorer Details

I’m having a weird security issue. I have a user that’s using SSMS 18.2 on a SQL 2016 server. They are a member of db_datareader but when they pull up the Row Count column in Object Explorer Details it’s blank. As best I can tell it is requiring DBO in order to get the row counts to show up.

User with read access: enter image description here

User with dbo access: enter image description here

Is this a bug or intentional? Does anyone know if there is a lower level of permissions that will give this row count? I know there are plenty of other ways to get the row count, sys.partitions for example, however the user insists they want to use the OED window.

How can one tell if a binary is safe to give sudo permissions for to an untrusted user?

sudo is sometimes used to give untrusted or “semi-trusted” users the ability to perform certain tasks as root, while not giving them unlimited root access. This is usually done via an entry into /etc/sudoers, specifying which programs can be executed.

However, some programs may provide more (no pun intended) functionality than expected, such as more, less, man or find, which offer to execute other programs – most notably a shell.


Usually, which programs are safe to execute depends on knowledge of the sysadmin. Certain binaries like echo or cat are most likely safe (i.e. don’t allow the user to spawn a shell), while others like the examples above are known to be exploitable.

Is there a way to assess with reasonable confidence whether or not an executable is “safe” when given sudo permissions for? Or is the only way a comprehensive source-code audit?


In response to cat not being safe: Yes, it can be used to read sensitive files as root. In some setups, this may be the intended use-case (e.g. a limited user being able to read as root, but not write).

Furthermore, comments or answers explaining to me that sudo is not the correct way to grant read permissions like this: I know. I am absolutely aware how a file-system should be structured, but due to the nature of my work, I can’t influence how file-systems are structured on those servers. All I can do is to see which recommendation fixes the immediate problem. So please, don’t challenge the frame of the question. I don’t have an XY-problem.
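
An added example (not part of the original question) of the kind of check the question points toward: it scans sudoers entries for the programs the question names as able to run other programs and reports those not covered by sudo's `NOEXEC` tag, which prevents a dynamically linked program from executing further commands. It is a denylist audit that only finds known cases and does not show that any other binary is safe; the sample sudoers text, users and paths are constructed, aliases are not expanded, and `audit` is a name made up for this example.

```python
import os
import re

# Programs the question names as able to launch other programs (e.g. a shell).
KNOWN_ESCAPES = {"more", "less", "man", "find"}
SKIP = ("Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")
TAG = re.compile(r"^([A-Z_]+):\s*(.*)$")

# Constructed sample sudoers fragment (users and paths are made up).
SAMPLE = """\
Defaults env_reset
alice ALL = (root) /usr/bin/less /var/log/syslog
bob   ALL = (root) NOEXEC: /usr/bin/less /var/log/syslog
carol ALL = (root) /bin/cat /var/log/syslog
dave  ALL = (root) /usr/bin/find /srv/reports, /bin/echo
erin  ALL = (root) NOEXEC: /usr/bin/man, EXEC: /usr/bin/more
"""


def audit(sudoers_text):
    """Return (user, command path) pairs that name a known escape-capable
    program while the NOEXEC tag is not in effect."""
    findings = []
    for raw in sudoers_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" not in line or line.startswith(SKIP):
            continue
        who, spec = line.split("=", 1)
        spec = spec.strip()
        if spec.startswith("("):            # drop the (runas) part
            spec = spec.split(")", 1)[1]
        noexec = False                      # tags carry over to later commands
        for cmd in spec.split(","):
            cmd = cmd.strip()
            while (m := TAG.match(cmd)):    # strip leading tags such as NOEXEC:
                if m.group(1) in ("NOEXEC", "EXEC"):
                    noexec = m.group(1) == "NOEXEC"
                cmd = m.group(2)
            if not cmd:
                continue
            path = cmd.split()[0]
            if os.path.basename(path) in KNOWN_ESCAPES and not noexec:
                findings.append((who.split()[0], path))
    return findings


if __name__ == "__main__":
    for user, path in audit(SAMPLE):
        print(f"{user}: {path} can run other programs and NOEXEC is not set")
```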

Unique Permissions for a group

I have a library with unique permissions on specific documents which were created by sharing those documents.

I have an SP group which I want to grant a unique permission to each one of these documents.

I’m looking for a PowerShell solution as I can’t grant permission to each one by its own as it will take a lot of time.

Thanks

Permissions for SharePoint 2013 Workflow

I have created a list workflow in SharePoint 2013. The user that I assigned to test it has the following permissions:

Site Level: Read Only
List: Edit

She can submit an item to the list, but the 2013 workflow will not execute. It is set to start when a new item is created. This is the error that shows when I log in and look at the workflow status for the item created:

workflow error

I have read that the user starting a workflow must have a minimum of contribute permissions, but it doesn’t designate if that is required of the site level.

I set my permissions up the way I did to restrict site editing to users, and having to allow them access to edit opens up room for error.

Is there a way to get around this?

How do I revert these permissions?

In Windows 10 Pro 64, in File Explorer, in attempting to access a few folders, I got a message saying that I didn’t have permission to access them, but inviting me to click to get permission permanently. I clicked that. I’m now able to access those folders like any other. In order to test what “permanently” meant, I rebooted. I’m still able to access those folders.

In another Q&A in this forum, I’ve been informed this is a security risk. How do I revert those permissions?

Remove list item permissions by role type using JSOM

I’m looking for a good way to remove all list item permissions on a certain list item of a specific role type using the JavaScript object model.

With myListItem.get_roleAssignments().getByPrincipal(myUser).deleteObject(); I can delete the permission for a certain user. I’m looking for a way to delete all permissions of a certain role type (e.g. SP.RoleType.contributor).