[14130] in bugtraq
Re: Disk (over)quota in Windows 2000
daemon@ATHENA.MIT.EDU (Bret Piatt)
Wed Mar 1 22:21:53 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: 7bit
Message-Id: <00ff01bf8398$b43fa200$0e0aa8c0@pacificom>
Date: Wed, 1 Mar 2000 08:10:45 -0800
Reply-To: Bret Piatt <bpiatt@flash.net>
From: Bret Piatt <dknight@CSUCHICO.EDU>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
----- Original Message -----
From: "Peter Gutmann" <pgut001@cs.auckland.ac.nz>
To: <BUGTRAQ@SECURITYFOCUS.COM>
Sent: Tuesday, February 29, 2000 5:55 PM
Subject: Re: Disk (over)quota in Windows 2000
> Dave Tarbatt - ACS <D.A.Tarbatt@BOLTON.AC.UK> writes:
>
> >I've been looking into disk quotas under Windows 2000 and have uncovered
a
> >few anomalies. On top of a few peculiarities there appears to be a bug
which
> >allows a user to exceed their disk quota by as much as they wish.
> >
> >[...]
> >
> >I discovered by experiment that new files can be created upto a size of
> >(Quota - UsedSpace + 2KB - 1byte), i.e. they can go overquota by up to
2047
> >bytes. Not too much of a problem. Extending existing files can be up to
> >(Quota - UsedSpace +1KB -1byte) i.e. up to 1023 bytes overquota - nothing
> >much to be worried about.
>
> Isn't this just a cluster-size filling issue? It looks like accounting is
> being done on a bytes-used basis but files are managed on a per-cluster
basis,
> so it's possible to extend files out to fill the cluster without coming
into
> conflict with the quota system.
>
> Peter.
>
This makes it any less of a bug how? The main issue here isn't the fact
that
he can stretch the files up to X bytes its the fact that he can keep
creating
files when he's already exceeded his quota because 0 byte files still take
up 1 block on the disk (512 bytes based on the NTFS system). The Win2k
quota system should count each file a user creates at that minimum size
even if the size is actually smaller. This will not change how the normal
user works but will deny this attack and allow for more accurate accounting.
Bret Piatt - bpiatt@flash.net/dknight@csuchico.edu
Systems Engineer [CCNA/CCDA/MCP]
PacifiCom - (530) 342-8999
