[21536] in bugtraq
AW: Windows MS-DOS Device Name DoS vulnerabilities
daemon@ATHENA.MIT.EDU (Martin Werner)
Mon Jul 16 13:14:15 2001
X-Report-Abuse-To: abuse@kontent.de
From: "Martin Werner" <bugtraq@martinwerner.de>
To: <BUGTRAQ@securityfocus.com>
Date: Mon, 16 Jul 2001 12:30:59 +0200
Message-ID: <NFBBJKFOALKALPBHJPFAMEOPCCAA.bugtraq@martinwerner.de>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
In-Reply-To: <20010707173839.F2.0@bobanek.nowhere.cz>
Just want to give a new thought.
Fact is, that on the one hand side, its merely impossible to write an safe
ftp server using Microsofts Filesystem, because device names can cause
trouble (and I think, this is not a bug, but it's been discussed)
So I think, good coding practice is not using a function, you cannot be sure
to work (noticed the incompatiblilities between different versions of
windows etc.)
In such a situation, the only safe thing one can do, is to
a) change the whole behaviour of windows causing immense trouble porting
applications.
or better take it in your own hand.
I think, that one has to write a flatfile engine, the faster, the better,
that works with ! ! one ! file in the windows filesystem with a name, the
coder choses and thinks to be secure. It could be a good open source
project, to write a filesystem, that can be put into a binary file on any
platform. A great step in compatibility between systems.
Keep on testing software!
Martin Werner
P.S. Feel free to contact me at:
www.martinwerner.de
martin@martinwerner.de
