[21407] in bugtraq
Re: Windows MS-DOS Device Name DoS vulnerabilities
daemon@ATHENA.MIT.EDU (Dennis Jenkins)
Mon Jul 9 13:53:23 2001
Message-ID: <3B49BB0E.1188738C@usb.com>
Date: Mon, 09 Jul 2001 09:09:18 -0500
From: Dennis Jenkins <djenkins@usb.com>
MIME-Version: 1.0
To: bugtraq@securityfocus.com
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Since DOS devices exist in every directory (as first explained to
me in
the book 'Undocumented Dos'), we had a trick for testing for the
presence of a directory in a batch file. The test went like this:
if exist C:\DIRECTORY\MOREDIRS\NUL then .....
Because 'NUL' existed in every directory. Couldn't you just
write a
function that takes the filename under question and check to see if that
file existed in a known directory that should not contain any files
(maybe an empty directory created just for this purpose)?
--
djenkins@usb.com Universal Savings Bank.
Security Administrator, Unix Administrator, Alpha Geek
The three most dangerous things are a programmer with a soldering
iron, a manager who codes, and a user who gets ideas.
