Vulnerability Development mailing list archives
win2k, XP deletes somename_files when somename.html deleted
From: q q <systemcracker () gmail com>
Date: Sat, 5 Feb 2005 19:07:39 +0000
well, the title says it all really; create a file named foobar.html create a folder named foobar_files copy a bunch of files (of any type) inside foobar_files delete foobar.html notice that windows has also deleted foobar_files and everything inside it the reason is that when you choose to save a webpage from MSIE, as 'webpage, complete', it stores images, scripts, css, etc in (htmlfilename)_files when you delete the html file, windows also deletes the associated folder what I found interesting is that there is no special file attribute, registry key, ini entry or anything that flags that folder as linked with the html file. Windows assumes that if there's a folder with the matching name plus _files, it just goes right ahead and deletes it. In terms of security/vulnerabilty, I was wondering if the _files part is stored in the registry (and what other folders are subject to / could be made subject to this implied linkage) Also, could windows be made to do this for other file types? anyone have any thoughts on this? Even if there's no vuln as such, it's something to be aware of. tested on win2k SP4 and XP I think there should at least be an extra/different prompt saying something like "Do you want to delete blah.html, blah_files, and all it's contents?" AFAIK, this only works for .html and .htm files (though it probably works for .php, asp and other 'web' filetypes) -- Computing tutorials, PHP code, online tools and more at http://www.puremango.co.uk
Current thread:
- win2k, XP deletes somename_files when somename.html deleted q q (Feb 07)
- Re: win2k, XP deletes somename_files when somename.html deleted Albert N. Umerov (Feb 07)
- <Possible follow-ups>
- RE: win2k, XP deletes somename_files when somename.html deleted Michael Wojcik (Feb 07)