[10750] in bugtraq
Re: Windows NT 4.0, 95, 98 (?) networked PRN flaw
daemon@ATHENA.MIT.EDU (Jens Benecke)
Tue Jun 8 13:13:54 1999
Mail-Followup-To: BUGTRAQ@NETSPACE.ORG
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <19990607200655.A24726@earth.zuhause.de>
Date: Mon, 7 Jun 1999 20:06:55 +0200
Reply-To: Jens Benecke <jens@PINGUIN.CONETIX.DE>
From: Jens Benecke <jens@PINGUIN.CONETIX.DE>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <AA1266092DDDD11197A20000F84A81B801EB64C3@clvex04.clv.rpr.rp>;
from STEVENS, Eric on Fri, Jun 04, 1999 at 08:20:16AM -0400

On Fri, Jun 04, 1999 at 08:20:16AM -0400, STEVENS, Eric wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I suppose that, in an effort to maintain reverse compatibility with
> old MS-DOS command line gurus, you cannot create a file or directory
> named PRN.xxx where the xxx is replaceable with any extension.
> Explanation and flaw follow.
(...)
> Ok, so that doesn't seem so bad, but the real issue is that the
> directory you've just created is non-removable for as long as it
> possesses that name. So let's try to rename the file... oops, can't do
> that, we get an access violation. Next, let's try mapping
> \\whatever\anydir to w:\ again. I go to my new W drive and try to
> rename the file, I get the error "Cannot rename prn: A file with the
> name you specified already exists. Specify a different filename."
> Ooooookaaaaay. Frustrated now, I try to delete the file. Oops, now
> it tells me "Cannot delete prn: The parameter is incorrect." Well,
> what about that file/directory I've created with the name PRN.xxx?
> That one vanishes with no problem, but only when the server is
> referenced in the \\whatever fashion. When I try to delete this
> PRN.xxx file from my new W: drive, all it does is lock up my window
> with a nearly endless hourglass. Finally, ten minutes later, I'm told
> "Cannot delete file: File system error (1026)." But this only occurs

I get exactly the same error when trying to rename/move/open/copy a file
that contains UNIX umlauts, when SAMBA is serving that file to any Windows
flavor. This seems to be a Windows problem, a 'sed' script remaps all the
"bad" characters and all went well (ok, now you don't see them on UNIX but
WTH...)
This was reproduced on all current Windows versions and a Linux box running
Samba. I think there is already a codepage remapping patch available for
Samba that fixes this.

> The next step is to try to delete the parent directory. This does not
> work! PRN still gives access violations, and so the parent directory
> is locked in place. So how much harm can this REALLY be? So I've got
> a few empty files and directories that are undeletable. Well, if
> instead of just creating a new directory, I copy a large directory to
> the server, say c:\winnt, or perhaps c:\program files, then rename it
> to prn, now I've just created half a gig or more (depending on how
> malicious I am) of un-reclaimable server hard drive consumption. This
> directory cannot be browsed! It has become a sore on the surface of
> this hard drive.

The server should at least be capable of removing 'anything' locally. If
not, this could be a really serious bug, imagine NT, not having user
quotas, as a $HOME server to a couple bad boys.
--
_ciao, Jens_______________________________ http://www.pinguin.conetix.de
Anyone comfortable with using Linux shall use it. | "I'm afraid Linux has a
Anyone wanting to tell other people what they | year-429496 problem"
should be using can go work for Microsoft. | -- Kernel mailing list
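
Added example, not part of the original message or of Samba: a scan meant to run locally on a non-Windows file server (such as the Samba host mentioned above) that lists entries whose names Windows clients resolve to DOS devices, like the PRN.xxx names in the quoted report, together with the disk space each one holds. The device names beyond PRN, the function names and the sample tree are assumptions introduced here.

```python
import os
import tempfile

# DOS device names; the thread only discusses PRN, the rest are added here.
RESERVED = ({"CON", "PRN", "AUX", "NUL"}
            | {f"COM{i}" for i in range(1, 10)}
            | {f"LPT{i}" for i in range(1, 10)})


def is_reserved(name):
    """True if a path component maps to a DOS device ('prn', 'PRN.xxx')."""
    # Compare only the part before the first dot, so any extension matches.
    # Trailing dots and spaces are dropped so "prn." and "prn " are flagged too.
    stem = name.rstrip(". ").split(".", 1)[0].rstrip(" ")
    return stem.upper() in RESERVED


def tree_size(path):
    """Bytes held by a file, or by all files under a directory."""
    if os.path.islink(path) or not os.path.isdir(path):
        return os.lstat(path).st_size
    return sum(os.lstat(os.path.join(d, f)).st_size
               for d, _subdirs, files in os.walk(path) for f in files)


def scan(root):
    """Return sorted (relative path, bytes) for reserved names under root."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            if is_reserved(name):
                full = os.path.join(dirpath, name)
                hits.append((os.path.relpath(full, root), tree_size(full)))
    return sorted(hits)


def demo():
    """Scan a constructed tree: a 'prn' directory with data, a 'PRN.xxx' file."""
    with tempfile.TemporaryDirectory() as root:
        big = os.path.join(root, "home", "user", "prn", "winnt")
        os.makedirs(big)
        with open(os.path.join(big, "a.dll"), "wb") as fh:
            fh.write(b"\0" * 4096)
        for name in ("PRN.xxx", "printer.txt"):
            with open(os.path.join(root, "home", name), "wb") as fh:
                fh.write(b"x" * 10)
        return scan(root)


if __name__ == "__main__":
    print(demo())
```

The byte count per hit shows how much space a renamed directory tree is holding, which is the disk-consumption concern raised in the quoted report.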