[14114] in bugtraq
Re: Disk (over)quota in Windows 2000
daemon@ATHENA.MIT.EDU (Mikael Olsson)
Wed Mar 1 18:35:22 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Message-Id: <38BCD094.C6663E7C@enternet.se>
Date: Wed, 1 Mar 2000 09:11:00 +0100
Reply-To: Mikael Olsson <mikael.olsson@ENTERNET.SE>
From: Mikael Olsson <mikael.olsson@ENTERNET.SE>
X-To: pgut001@cs.auckland.ac.nz
To: BUGTRAQ@SECURITYFOCUS.COM
Peter Gutmann wrote:
>
> Dave Tarbatt - ACS <D.A.Tarbatt@BOLTON.AC.UK> writes:
>
> >I've been looking into disk quotas under Windows 2000 and have uncovered a
> >few anomalies. On top of a few peculiarities there appears to be a bug which
> >allows a user to exceed their disk quota by as much as they wish.
>
> Isn't this just a cluster-size filling issue? It looks like accounting is
> being done on a bytes-used basis but files are managed on a per-cluster basis,
> so it's possible to extend files out to fill the cluster without coming into
> conflict with the quota system.
Not "just" a cluster-size filling issue. The idea of quotas is preventing
people from using all available hard disk space, as that is a VERY effective
DoS. This bug means that W2K basically does not have any quotas, since it does
not provide that protection.
--
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 VRNSKVLDSVIK
Phone: +46 (0)660 105 50 Fax: +46 (0)660 122 50
Mobile: +46 (0)70 248 00 33
WWW: http://www.enternet.se E-mail: mikael.olsson@enternet.se
