[21544] in bugtraq
RE: Windows MS-DOS Device Name DoS vulnerabilities
daemon@ATHENA.MIT.EDU (David LeBlanc)
Mon Jul 16 17:30:36 2001
Reply-To: <dleblanc@mindspring.com>
From: "David LeBlanc" <dleblanc@mindspring.com>
To: "'Martin Werner'" <bugtraq@martinwerner.de>, <BUGTRAQ@securityfocus.com>
Date: Mon, 16 Jul 2001 12:26:09 -0700
Message-ID: <016301c10e2d$35063140$0100a8c0@davenet.local>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
In-Reply-To: <NFBBJKFOALKALPBHJPFAMEOPCCAA.bugtraq@martinwerner.de>
> -----Original Message-----
> From: Martin Werner [mailto:bugtraq@martinwerner.de]
> Sent: Monday, July 16, 2001 3:31 AM
> To: BUGTRAQ@SECURITYFOCUS.COM
> Subject: AW: Windows MS-DOS Device Name DoS vulnerabilities
>
>
> Just want to give a new thought.
>
> Fact is, that on the one hand side, it's merely impossible to write a safe
> ftp server using Microsoft's Filesystem, because device names can cause
> trouble (and I think, this is not a bug, but it's been discussed)

I beg to differ. First, let's distinguish between file systems. If you say
that it wouldn't be advisable to write an FTP server designed to run on FAT
file systems, then I'd be inclined to agree. You can, OTOH, do a lot of work
to re-implement file system security sufficient for an FTP server and be OK.

Now, on to the issue with device names - this isn't all that terribly
difficult, and is part of proper file canonicalization practices. A call to
CreateFile() on a device name will always succeed (or possibly blow up an
unpatched Win9x system, so go get the patch or consider running your FTP
server on NT or Win2k). Next, a call to GetFileInformationByHandle() will
always fail if it is a device. GetFileType() can also be used to determine
whether something is a device.

David LeBlanc
dleblanc@mindspring.com
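
The handle-based check described in the message above, written out as an added example (not code from the original post): open the name, then ask what kind of handle came back before serving it. `opens_as_disk_file` is a hypothetical helper name, and the non-Windows branch is an assumption added here so the same check can be exercised on POSIX with `fstat()`.

```c
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#else
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>
#endif

/* Hypothetical helper: returns 1 only if `path` opens as an ordinary
 * on-disk file; 0 for devices, pipes, directories or open failures. */
int opens_as_disk_file(const char *path)
{
    int ok;
#ifdef _WIN32
    BY_HANDLE_FILE_INFORMATION info;
    /* A device name such as NUL or COM1 opens successfully here. */
    HANDLE h = CreateFileA(path, GENERIC_READ,
                           FILE_SHARE_READ | FILE_SHARE_WRITE, NULL,
                           OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (h == INVALID_HANDLE_VALUE)
        return 0;
    /* The handle gives it away: only real files are FILE_TYPE_DISK, and
     * GetFileInformationByHandle() fails on a device handle. */
    ok = GetFileType(h) == FILE_TYPE_DISK &&
         GetFileInformationByHandle(h, &info) != 0;
    CloseHandle(h);
#else
    /* Assumed POSIX analogue: open, then fstat() the descriptor. */
    struct stat st;
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0)
        return 0;
    ok = fstat(fd, &st) == 0 && S_ISREG(st.st_mode);
    close(fd);
#endif
    return ok;
}

int main(int argc, char **argv)
{
    /* Usage: pass candidate names, e.g. NUL, COM1 or a real file. */
    for (int i = 1; i < argc; i++)
        printf("%-24s %s\n", argv[i],
               opens_as_disk_file(argv[i]) ? "disk file" : "rejected");
    return 0;
}
```

Because the decision is made on the opened handle rather than on the string, it does not depend on how the device name was spelled in the request.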