Full Disclosure mailing list archives

Re: Windows short (8.3) filenames - a security nightmare?


From: "Stefan Kanthak" <stefan.kanthak () nexgo de>
Date: Wed, 4 Jul 2012 15:36:54 +0200

"Bogdan Calin" <bogdan () acunetix com> wrote:

> Hi guys,
>
> I wrote a blog post about security issues related to Windows short (8.3) filenames.
>
> http://www.acunetix.com/blog/web-security-zone/articles/windows-short-8-3-filenames-web-security-problem/

1. tell news

2. since all (but Microsoft) know very well that Windows x64 can't run
   16-bit DOS and Windows 3.x programs any more Microsoft still enables
   8.3 filenames in all versions of Windows ... at least on the system
   drive.

JFTR: Windows Vista and later enforce 8.3 filenames on the system drive.

You can but try to remove them via
    %SystemRoot%\System32\FSUtil.Exe 8Dot3Name Strip ...
(see <http://technet.microsoft.com/en-us/library/ff621566.aspx>)


JFTR2: Windows NT4 and Windows NT5.x don't enforce this stupidity.

You can turn off 8.3 filename creation during setup of Windows NT5.x
via addition of a file

    --- \i386\MIGRATE.INF or \amd64\MIGRATE.INF ---
    [Version]
    Provider  = "Stefan Kanthak"
    Signature = "$Windows NT$"

    [AddReg]
    ; Disable creation of 8.3 DOS filenames (see MSKB 121007 & 210638)
    HKLM,"System\ControlSet001\Control\FileSystem","NTFSDisable8dot3NameCreation",65537,1
    --- EOF ---

and modification of the file

    --- \i386\TXTSETUP.SIF or \amd64\TXTSETUP.SIF ---
    ...

    [HiveInfs.Fresh]
  + AddReg = MIGRATE.INF,AddReg

    [HiveInfs.Upgrade]
  + AddReg = MIGRATE.INF,AddReg

    ...
    --- EOF ---


JFTR3: when done, create an empty file "%ProgramFiles%\Shared.exe"
(change the filename according to your language to match
"%CommonProgramFiles%" up to the last space) to see the wonderful
crapware from InstallShield fail.-P

If not, it will fail anyhow, at least during uninstallation or repair.
You can count on Wise installer too.-(

When "%ProgramFiles%" contains a space, create the appropriate file
in %SystemDrive% too.

Yes, more than 17 years after the introduction of long filenames
there are still developers who don't know how to use them properly!


Stefan Kanthak

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
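
Added example, not part of the original message: an audit sketch for the installer failure described under JFTR3, assuming it comes from unquoted command strings that contain spaces. When the program path is unquoted, CreateProcess tries each space-delimited prefix in turn (appending ".exe"), so the function lists the paths tried before the intended one; all sample strings and vendor names are constructed.

```python
import re

# Constructed sample command strings, as stored in service ImagePath or
# UninstallString values; vendor and product names are hypothetical.
SAMPLES = [
    r'C:\Program Files\Example Vendor\Setup Engine\engine.exe /uninstall',
    r'"C:\Program Files\Example Vendor\Setup Engine\engine.exe" /uninstall',
    r'C:\Tools\engine.exe /run "some argument"',
    # 8.3 form: unambiguous, but resolves only where short names exist
    r'C:\PROGRA~1\EXAMPL~1\engine.exe /uninstall',
]

# Assumption: the intended program ends at the first ".exe" that is
# followed by whitespace or the end of the string.
_EXE = re.compile(r'^(.*?\.exe)(?=\s|$)', re.IGNORECASE)


def earlier_candidates(command_line):
    """Return the paths Windows would try before the intended program.

    An empty list means the command string is unambiguous.
    """
    cmd = command_line.strip()
    if cmd.startswith('"'):
        return []  # quoted program path is taken as one token
    match = _EXE.match(cmd)
    if match is None:
        return []  # no recognisable program path, nothing to report
    intended = match.group(1)
    candidates = []
    for pos, ch in enumerate(intended):
        if ch != ' ':
            continue
        prefix = intended[:pos]
        leaf = prefix.rsplit('\\', 1)[-1]
        # ".exe" is appended only when the token has no extension
        candidates.append(prefix if '.' in leaf else prefix + '.exe')
    return candidates


def audit(command_lines):
    """Map each ambiguous command string to its earlier candidates."""
    report = {}
    for cmd in command_lines:
        found = earlier_candidates(cmd)
        if found:
            report[cmd] = found
    return report


if __name__ == '__main__':
    for cmd, found in audit(SAMPLES).items():
        print(cmd, '->', found)
```

Every string the audit reports should be stored with the program path in double quotes.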

