Bugtraq mailing list archives
Re: Windows MS-DOS Device Name DoS vulnerabilities
From: "Pavel Kankovsky" <peak () argo troja mff cuni cz>
Date: Sat, 7 Jul 2001 18:12:22 +0200 (MET DST)
On Fri, 6 Jul 2001, 3APA3A wrote:
> ... and the problem is definitely in software, not in the operating system, because the operating system behaves exactly as expected and documented.
But it is still OS's problem when the specification / documentation it conforms to is braindead. Adding implicit entries for devices into EVERY directory is definitely braindead.

BTW: What will happen when Joe Luser creates a file called XYZ on day 1, installs a device driver called XYZ--adding XYZ to the list of magical filenames--on day 2, and tries to access XYZ on day 3? Inquiring minds want to know...
> if( GetFileType(hFile) != FILE_TYPE_DISK ) {
>     lstrcpy( lpszPath, TEXT("Invalid File Type") );
>     return( 0 );
> }
> [...]
> Checks like this must be in "best coding practice", because even if security is not in question a user can specify a special device name by accident.
Unfortunately, a user can specify such a name deliberately in order to do something meaningful (e.g. the old good "copy con filename"). Adding such a check to programs interpreting filenames given by an untrusted party is probably a good idea (both on MS Windows and unix-like OSes) but it is more a desperate attempt to circumvent the lack of a better mechanism than "the best coding practice."

BTW2: GetFileType() seems to take a handle as its argument, i.e. the caller must already have called OpenFile() in order to be able to use it--and call CloseFile() (CloseHandle()?) afterwards. Are OpenFile() and CloseFile() guaranteed to be free of dangerous side effects?

--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
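
One way to sidestep the BTW2 concern, as an added example (not code from this post or thread): inspect the untrusted path for device names before anything is opened. The function names and the reserved-name list are assumptions of this example; the list cannot know about names added by drivers installed later, which is the XYZ case raised above, so a handle-type check after opening remains a useful second layer.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Constructed list of classic DOS device names (an assumption of this
   example). Installed drivers can add names this list does not know. */
static const char *const RESERVED[] = { "CON", "PRN", "AUX", "NUL", "CLOCK$" };

/* Return 1 if one path component of length n names a DOS device. */
static int component_is_device(const char *s, size_t n)
{
    char base[8];
    size_t len = 0, i;

    /* The base name ends at the first dot, so "NUL.txt" still counts. */
    while (len < n && s[len] != '.')
        len++;
    /* Trailing spaces are ignored (conservative): "AUX " is treated as AUX. */
    while (len > 0 && s[len - 1] == ' ')
        len--;
    if (len == 0 || len >= sizeof base)
        return 0;
    for (i = 0; i < len; i++)
        base[i] = (char)toupper((unsigned char)s[i]);
    base[len] = '\0';

    for (i = 0; i < sizeof RESERVED / sizeof RESERVED[0]; i++)
        if (strcmp(base, RESERVED[i]) == 0)
            return 1;
    /* COM1..COM9 and LPT1..LPT9 */
    return len == 4 && base[3] >= '1' && base[3] <= '9' &&
           (memcmp(base, "COM", 3) == 0 || memcmp(base, "LPT", 3) == 0);
}

/* Return 1 if any component of an untrusted path names a device, else 0.
   Every component is checked because the names exist in every directory;
   ':' is treated as a separator so "C:nul" and "con:" are caught too. */
int path_names_dos_device(const char *path)
{
    const char *start = path, *p = path;

    for (;; p++) {
        if (*p == '\\' || *p == '/' || *p == ':' || *p == '\0') {
            if (component_is_device(start, (size_t)(p - start)))
                return 1;
            if (*p == '\0')
                return 0;
            start = p + 1;
        }
    }
}
```

Because the check works on the name alone, it also rejects deliberate uses such as "copy con filename", so it belongs only on paths supplied by an untrusted party.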