[21396] in bugtraq

Re: Windows MS-DOS Device Name DoS vulnerabilities

daemon@ATHENA.MIT.EDU (Pavel Kankovsky)
Sat Jul 7 18:10:52 2001

From: "Pavel Kankovsky" <peak@argo.troja.mff.cuni.cz>
Date: Sat, 7 Jul 2001 18:12:22 +0200 (MET DST)
To: bugtraq@securityfocus.com
In-Reply-To: <114170563437.20010706134620@SECURITY.NNOV.RU>
Message-ID: <20010707173839.F2.0@bobanek.nowhere.cz>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Fri, 6 Jul 2001, 3APA3A wrote:

> ... and the problem is definitely in software, not in operation
> system, because operation system behaves exactly as expected and
> documented.

But it is still OS's problem when the specification / documentation it
conforms to is braindead. Adding implicit entries for devices into EVERY
directory is definitely braindead.

BTW: What will happen when Joe Luser creates a file called XYZ on day 1,
installs a device driver called XYZ--adding XYZ to the list of magical
filenames--on day 2, and tries to access XYZ on day 3? Inquiring minds
want to know...

> if( GetFileType(hFile) != FILE_TYPE_DISK ) {
>      lstrcpy( lpszPath, TEXT("Invalid File Type") );
>      return( 0 );
>   }
[...]
> Checks  like  this  must be in "best coding practice", because even if
> security  is  not  in question user can specify special device name by
> accident.

Unfortunately, a user can specify such a name deliberately in order to do
something meaningful (e.g. the old good "copy con filename"). Adding such
a check to programs interpreting filenames given by an untrusted party is
probably a good idea (both on MS Windows and unix-like OSes) but it is
more a desperate attempt to circumvent the lack of a better mechanism than
"the best coding practice."

BTW2: GetFileType() seems to take a handle as its argument, i.e. the
caller must already have called OpenFile() in order to be able to use
it--and call CloseFile() (CloseHandle()?) afterwards. Are OpenFile() and
CloseFile() guaranteed to be free of dangerous side effects?

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
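
Added example, not part of the original message or of any code from the thread: a portable C pre-open check that decides from the string alone whether a path's final component is a classic DOS device name, so nothing has to be opened first (the side-effect question raised in BTW2). The function names and the static name list are assumptions of this example; as the message notes, an installed driver can add names, so a list like this is only a first filter next to the GetFileType() check on the opened handle.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Classic reserved DOS device names. The static list is an assumption of
   this example: an installed driver can register further names. */
static const char *const RESERVED[] = { "CON", "PRN", "AUX", "NUL" };

/* Case-insensitive match of the first n bytes of s against an upper-case
   name that must be exactly n bytes long. */
static int name_eq(const char *s, size_t n, const char *name)
{
    size_t i;
    if (strlen(name) != n)
        return 0;
    for (i = 0; i < n; i++)
        if (toupper((unsigned char)s[i]) != name[i])
            return 0;
    return 1;
}

/* Returns 1 if the final component of path names a DOS device, else 0.
   Pure string inspection: no handle is opened, so no device is touched. */
int is_dos_device_name(const char *path)
{
    const char *base = path, *p;
    size_t n, i;

    /* Final component: text after the last '\\' or '/', or after the
       colon of a leading drive specifier such as "C:". */
    for (p = path; *p; p++)
        if (*p == '\\' || *p == '/' || (*p == ':' && p == path + 1))
            base = p + 1;

    /* The device name is the part before the first '.' or ':', ignoring
       trailing spaces, so "nul.txt" and "AUX:" still name devices. */
    n = strcspn(base, ".:");
    while (n > 0 && base[n - 1] == ' ')
        n--;

    for (i = 0; i < sizeof RESERVED / sizeof RESERVED[0]; i++)
        if (name_eq(base, n, RESERVED[i]))
            return 1;

    /* COM1..COM9 and LPT1..LPT9 */
    if (n == 4 && base[3] >= '1' && base[3] <= '9' &&
        (name_eq(base, 3, "COM") || name_eq(base, 3, "LPT")))
        return 1;
    return 0;
}
```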



