Bugtraq mailing list archives

Re: BugTraq: EFS Win 2000 flaw


From: John Wiltshire <jw () QITS NET AU>
Date: Wed, 24 Jan 2001 11:49:51 +1000

"Inside Windows 2000 - 3rd edition" (MS Press) has a description of how
the EFS system works, including the creation of the temporary file
described here.

It appears that the temp file is created to allow rollback on system
failure during encryption.  This, however, does not excuse the failure
to erase the disk space used by that file once the encrypted file has
been written to disk.  This may lead to a small window where the disk is
in a consistent state (i.e. the file has been successfully encrypted) and
the backup data is yet to be erased, so the logging/recovery process
should be modified in any fix to ensure that the file system recovers
system failures in the best way possible - obviously a failure during
encryption will leave the unencrypted file on disk for recovery, but a
successful encryption should always remove the unencrypted data.

John Wiltshire
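
Added example, not part of the message above and not EFS code: a Python model of the recovery ordering the message asks for, in which a logged successful encryption always ends with the plaintext backup erased and a failure before that point rolls back. The file suffixes, the crash_after parameter and the caller-supplied encrypt function are assumptions for illustration, and crashes are simulated only between steps.

```python
import os

BACKUP, MARKER = ".bak", ".done"   # hypothetical suffixes, not EFS's real names

def write_sync(path, data):
    with open(path, "wb") as f:
        f.write(data)
        f.flush()
        os.fsync(f.fileno())

def wipe(path):
    # Overwrite, then unlink. Assumes an in-place overwrite reaches the same
    # blocks, which journaling/copy-on-write filesystems and SSDs may not honour.
    zeros = b"\0" * os.path.getsize(path)
    with open(path, "r+b") as f:
        f.write(zeros)
        f.flush()
        os.fsync(f.fileno())
    os.remove(path)

def encrypt_in_place(path, encrypt, crash_after=0):
    """crash_after=N simulates a system failure right after step N."""
    with open(path, "rb") as f:
        plain = f.read()
    write_sync(path + BACKUP, plain)        # 1: plaintext backup for rollback
    if crash_after == 1: return
    write_sync(path, encrypt(plain))        # 2: ciphertext replaces the original
    if crash_after == 2: return
    write_sync(path + MARKER, b"")          # 3: log "encryption succeeded"
    if crash_after == 3: return
    wipe(path + BACKUP)                     # 4: erase the plaintext copy
    os.remove(path + MARKER)

def recover(path):
    """Boot-time recovery: finish the wipe if committed, otherwise roll back."""
    backup, marker = path + BACKUP, path + MARKER
    if os.path.exists(marker):              # success was logged: plaintext must go
        if os.path.exists(backup):
            wipe(backup)
        os.remove(marker)
        return "wiped"
    if os.path.exists(backup):              # failed mid-encryption: restore original
        with open(backup, "rb") as f:
            write_sync(path, f.read())
        wipe(backup)
        return "rolled_back"
    return "clean"
```

A crash after step 3 is the window the message describes: the file is consistently encrypted while the backup still holds plaintext, and recover() closes it by wiping the backup instead of leaving it on disk.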

