Bugtraq mailing list archives
Re: Linux, too, sot of (Windows MS-DOS Device Name DoS vulnerabilities)
From: Glynn Clements <glynn.clements () virgin net>
Date: Wed, 18 Jul 2001 20:58:43 +0100
aland () striker ottawa on ca wrote:
One may be tempted to block all the files below /dev inside the browser/servers. Could this be a cure for this problem under linux/UNIX?No. The browsers should be using the 'fstat' function, prior to opening any 'file://' URL.
fstat() requires a descriptor; you need to use stat(). BTW, on Unix, simply open()ing a device can have undesirable consequences, hence the need to use stat() before opening the file.
Regular files and directories should be OK. Links should have their links de-referenced, and the linked-to file 'fstat'ed also. Any other files should be ignored.
Symbolic links don't show up in the results from stat() or fstat(); you would need to use lstat() if you wanted to identify links (in this case, you don't). I notice that the Windows mechanism which is being recommended, i.e. GetFileType(), requires a file handle. As Alun Jones pointed out:
The person quoted here doesn't indicate whether it is merely opening the device files, or trying to access (read or write) their contents, is what will "wedge the DOS box" - if the former, then GetFileType is sadly of no assistance.
Can anyone shed any light upon whether the act of opening a device under Windows can have undesirable side effects? -- Glynn Clements <glynn.clements () virgin net>
Current thread:
- Linux, too, sot of (Windows MS-DOS Device Name DoS vulnerabilities) Ishikawa (Jul 18)
- Re: Linux, too, sot of (Windows MS-DOS Device Name DoS vulnerabilities) Robin Houston (Jul 18)
- Re: Linux, too, sot of (Windows MS-DOS Device Name DoS vulnerabilities) David F. Skoll (Jul 18)
- Re: Linux, too, sot of (Windows MS-DOS Device Name DoS vulnerabilities) aland (Jul 18)
- Internet Explorer file:// URL issues Chad Loder (Jul 19)
- Re: Linux, too, sot of (Windows MS-DOS Device Name DoS vulnerabilities) Glynn Clements (Jul 19)
- Re: Linux, too, sot of (Windows MS-DOS Device Name DoS vulnerabilities) Jeffrey W. Baker (Jul 18)
- Linux, too, sot of (Windows MS-DOS Device Name DoS vulnerabilities) Richard Kettlewell (Jul 19)
- Re: Linux, too, sot of (Windows MS-DOS Device Name DoS vulnerabilities) George Staikos (Jul 20)
- <Possible follow-ups>
- Re: Linux, too, sot of (Windows MS-DOS Device Name DoS vulnerabilities) der Mouse (Jul 19)