Bugtraq mailing list archives
Re: Windows MS-DOS Device Name DoS vulnerabilities
From: Ewen McNeill <ewen () imatix com>
Date: Sun, 08 Jul 2001 09:57:57 +1200
In message <20010707085436.70904.qmail () web13001 mail yahoo com>, ByteRage writes:
Unfortunately, QueryDosDevice is not supported on some flavours of windows. As stated on the Xitami Web Server Support Mailing List (http://xitami.ec-computers.net/2001/Apr/Msgs/l2w02603.html)

[..... quoting a message that I wrote on the Xitami users mailing list .....]

"As a result, I've rewritten the system_devicename() detection routine that Xitami uses, to take a more pragmatic approach: [try QueryDosDevice(), then try fixed path names] [.....]"

cfr http://www.imatix.co.nz/test/testwindev.c
Readers should note that this was an experiment with trying to make better use of QueryDosDevice(), which didn't pan out. As per my earlier post to Bugtraq even this approach was not sufficient. (Reading through the Xitami list archives at the above website (through mid-May), and then later at http://lists.xitami.org./pipermail/xitami/ (mid-May onwards) gives more detail; the archives will be consolidated when we get time.)

In the end I concluded QueryDosDevice() simply was not suitable for the purpose of determining whether a pathname would access a device or not (due to unportability amongst various Win32 versions, inaccuracy on various platforms (both false positives and false negatives), differences in what it returned and what opening devices accepted, and the need to test each portion of the path individually including doing processing to strip off extensions, etc).

The eventual solution we went with is in the src/sfl/sflfile.c file in Xitami 2.4d9 (release) and Xitami 2.5b5 (beta test); the source for both is available from http://www.xitami.com/

Essentially we open the file with the Windows API first, check that it is a disk file (and fail the open if it isn't), then reopen it with the unix-style interface wanted by the rest of the software. (Obviously this depends on having the OS fix so that merely opening a device with the wrong path doesn't cause the OS to crash.)

The eventual solution is a horrible kludge, but the 20+ year legacy of devices being accessed through magic names that appear in every directory is also a horrible kludge. It was a somewhat cute trick when I encountered it in CP/M, and understandable that it was in MS-DOS 1.0 given its heritage, but it really should never have been allowed to persist 20 years later.

Ewen

--
Ewen McNeill, Technical Consultant, iMatix Corporation
www.imatix.com
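
The open-then-check approach described in the message above (open with the Windows API, confirm the handle refers to a disk file, then reopen through the C library), as an added example that is not part of the original post and is not the Xitami code in sflfile.c. The helper names are hypothetical, and the non-Windows branch is an assumed POSIX analogue (fstat() with S_ISREG) so the same check builds on other systems.

```c
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#else
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>
#endif

/* Hypothetical helper (not Xitami's code): ask the OS what an opened handle
 * refers to instead of guessing from the name.
 * Returns 1 for an ordinary disk file, 0 for anything else, -1 if unopenable. */
int path_is_disk_file(const char *path)
{
#ifdef _WIN32
    HANDLE h = CreateFileA(path, GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE,
                           NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (h == INVALID_HANDLE_VALUE)
        return -1;
    int is_disk = (GetFileType(h) == FILE_TYPE_DISK); /* devices report FILE_TYPE_CHAR */
    CloseHandle(h);
    return is_disk;
#else
    struct stat st;
    int fd = open(path, O_RDONLY | O_NONBLOCK); /* O_NONBLOCK: do not hang on a FIFO */
    if (fd < 0)
        return -1;
    int is_reg = (fstat(fd, &st) == 0 && S_ISREG(st.st_mode));
    close(fd);
    return is_reg;
#endif
}

/* Hypothetical wrapper: fail the open unless the path is a disk file, then
 * reopen through the stdio interface the rest of a program would use. */
FILE *open_disk_file_for_read(const char *path)
{
    if (path_is_disk_file(path) != 1)
        return NULL;
    return fopen(path, "rb");
}
```

As the message notes, on Windows this relies on the OS being patched so that merely opening a device path does not crash the system.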