AW: Windows MS-DOS Device Name DoS vulnerabilities

["Martin Werner" <bugtraq () martinwerner de>]

Just want to give a new thought.

Fact is, that on the one hand side, its merely impossible to write an safe
ftp server using Microsofts Filesystem, because device names can cause
trouble (and I think, this is not a bug, but it's been discussed)

So I think, good coding practice is not using a function, you cannot be sure
to work (noticed the incompatiblilities between different versions of
windows etc.)

In such a situation, the only safe thing one can do, is to

a) change the whole behaviour of windows causing immense trouble porting
applications.

or better take it in your own hand.

I think, that one has to write a flatfile engine, the faster, the better,
that works with ! ! one ! file in the windows filesystem with a name, the
coder choses and thinks to be secure. It could be a good open source
project, to write a filesystem, that can be put into a binary file on any
platform. A great step in compatibility between systems.

Keep on testing software!


Martin Werner

P.S. Feel free to contact me at:

www.martinwerner.de
martin () martinwerner de