Vulnerability Development mailing list archives
Re: Valid characters on one o/s are invalid on another
From: Michel Arboi <arboi () yahoo com>
Date: Wed, 27 Jun 2001 11:41:30 +0200 (CEST)
--- "Kayne Ian (Softlab)" <Ian.Kayne () softlab co uk> a écrit :
Files started "dissapearing" from the CD etc... Didn't go much further than this...
I do not think that you can go much further, unless the "strange" characters are converted to something else. It would then be possible to overwrite system files while displaying weird names in the Winzip (or anything else) interface. _If_ such an exploit exists, it would probably concern a specific client (e.g. command line unzip but not winzip...) BTW, some people ran into this problem years ago. In the old days, I read some parts of the POSIX specifications about this. I was on an OpenVMS environment, trying to use lex and yacc in the POSIX subsystem. VMS did not allow several dots in a file name, so the "POSIX" lex command generated lex_yy.c and yacc ytab.c (instead of lex.yy.c & y.tab.c). This was allowed by POSIX (so I could not trash the VMS for "legal" reasons <grin>). It then crossed my mind that worse problems could arise with cpio and tar. POSIX said that if those commands encountered a file that could not be created because of limitations of the underlying file system, they may rename it, or just drop it. ___________________________________________________________ Do You Yahoo!? -- Pour faire vos courses sur le Net, Yahoo! Shopping : http://fr.shopping.yahoo.com
Current thread:
- Re: Recovering the activation key from a Win2K installation, (continued)
- Re: Recovering the activation key from a Win2K installation Technical Support (Jun 30)
- Re: Recovering the activation key from a Win2K installation Bryan Allerdice (Jun 27)
- Re: Recovering the activation key from a Win2K installation Zow (Jun 27)
- Re: Valid characters on one o/s are invalid on another Sander Smeenk (CistroN Medewerker) (Jun 26)
- Re: Valid characters on one o/s are invalid on another Craig Boston (Jun 26)
- Re: Valid characters on one o/s are invalid on another James Robbins (Jun 26)
- Re: Valid characters on one o/s are invalid on another Meritt James (Jun 27)
- Re: Valid characters on one o/s are invalid on another Craig Boston (Jun 27)
- Re: Valid characters on one o/s are invalid on another Juan M. Courcoul (Jun 27)
- Re: Valid characters on one o/s are invalid on another ian (Jun 28)
- Re: Valid characters on one o/s are invalid on another James Robbins (Jun 26)
- Re: Valid characters on one o/s are invalid on another Mathew B (Jun 30)