Bugtraq mailing list archives
Re: BugTraq: EFS Win 2000 flaw
From: John Wiltshire <jw () QITS NET AU>
Date: Wed, 24 Jan 2001 11:49:51 +1000
"Inside Windows 2000 - 3rd edition" (MS Press) has a description on how the EFS system works, including the creation of the temporary file described here. It appears that the temp file is created to allow rollback on system failure during encryption. This, however, does not excuse the failure to erase the disk space used by that file once the encrypted file has been written to disk. This may lead to a small window where the disk is in a consistent state (i.e. the file has been successfully encrypted) and the backup data is yet to be erased, so the logging/recovery process should be modified in any fix to ensure that the file system recovers system failures in the best way possible - obviously a failure during encryption will leave the unencrypted file on disk for recovery, but a successful encryption should always remove the unencrypted data.

John Wiltshire
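The recovery ordering the message argues for, as an added example (not code from the post or from Windows EFS): a commit marker lets recovery tell "encryption failed, restore the plaintext" apart from "encryption succeeded, finish erasing the backup". The file suffixes, `toy_cipher` and the `crash_at` hook are assumptions made for illustration, and the overwrite only erases data on file systems that rewrite blocks in place.

```python
import os

BACKUP, DONE = ".bak", ".done"  # hypothetical suffixes, not EFS's own names

def toy_cipher(data):
    # Placeholder transform so the example runs offline; NOT real encryption.
    return bytes(b ^ 0x5A for b in data)

def write_synced(path, data, mode="wb"):
    with open(path, mode) as f:
        f.write(data)
        f.flush()
        os.fsync(f.fileno())

def wipe(path):
    # Overwrite in place, then unlink (assumes blocks are rewritten in place).
    write_synced(path, bytes(os.path.getsize(path)), "r+b")
    os.remove(path)

def encrypt_in_place(path, cipher=toy_cipher, crash_at=None):
    with open(path, "rb") as f:
        plain = f.read()
    write_synced(path + BACKUP + ".tmp", plain)
    os.replace(path + BACKUP + ".tmp", path + BACKUP)  # backup is now complete
    if crash_at == "mid-encrypt":  # simulated power loss during the rewrite
        write_synced(path, cipher(plain)[: len(plain) // 2])  # torn write
        raise RuntimeError(crash_at)
    write_synced(path, cipher(plain))
    write_synced(path + DONE, b"")  # commit record: ciphertext is durable
    if crash_at == "before-wipe":  # the window described in the message
        raise RuntimeError(crash_at)
    wipe(path + BACKUP)
    os.remove(path + DONE)

def recover(path):
    """Run after a restart; returns the action taken."""
    bak, done = path + BACKUP, path + DONE
    if os.path.exists(bak + ".tmp"):
        wipe(bak + ".tmp")  # partial backup; the original was never touched
    has_bak, has_done = os.path.exists(bak), os.path.exists(done)
    if has_bak and not has_done:  # encryption incomplete: restore plaintext
        with open(bak, "rb") as f:
            write_synced(path, f.read())
    if has_bak:
        wipe(bak)  # the spare plaintext copy never outlives recovery
    if has_done:
        os.remove(done)
    return ("rolled-forward" if has_done else "rolled-back") if has_bak else "clean"
```
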