[21569] in bugtraq


Re: Win2K/NTFS messes file creation time/date

daemon@ATHENA.MIT.EDU (Ken Brown)
Tue Jul 17 12:25:42 2001

Message-ID: <3B540F46.438FDBAD@ccs.bbk.ac.uk>
Date: Tue, 17 Jul 2001 11:11:18 +0100
From: Ken Brown <k.brown@ccs.bbk.ac.uk>
Reply-To: k.brown@ccs.bbk.ac.uk
MIME-Version: 1.0
To: "''bugtraq ' '" <bugtraq@securityfocus.com>
Cc: "Michael C. Bazarewsky" <BazarewskyM@Software-Answers.com>,
        mark.norman@lmiv.com, gcarter@valinux.com
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit



"Michael C. Bazarewsky" wrote:
> 
> > Known to who? Is it documented anywhere?
> 
> MS KB Q172190 discusses this behavior, NTFS Tunneling.  It's covered in
> the Microsoft Official Curriculum course # 922, as well.  (I know the MOC is
> not the most widely looked-at reference, but the KB is fair game.)

Thanks & to the other half-dozen who pointed this out.  I must be being
particularly thick this week. Or perhaps MS are just choosing obscure
keywords.  I searched KB, both online and from a technet CD, but
obviously I didn't choose the approved jargon. "Tunnelling" is a long
way from any keywords that
I'd associate with file systems - and a search for "tunnelling and ntfs"
turns up a great many references to VPNs and bits of networking. It now
turns out that it isn't really a property of the file system at all,
which obviously makes the search even harder.

If it is a bug at all it is perhaps a bug in documentation. I have used
NT for years, and I've never come across this idea as far as I can
remember. Presumably my fault for not paying attention. 

Obviously not serious, but I bet that someone, somewhere, has an
application that depends on file creation dates and wonders why it goes
wrong every now and again.  That is a *mild* potential security problem,
if only because it could cause confusion. Documentation bugs can be
security problems. Unexpected or unwanted behaviour from a machine is
always a potential security problem.  

The accumulation of seemed-like-a-good-idea-at-the-time
backwards-compatible gotchas in the Windows file systems - unkillable
system program names, old DOS device files in every directory, files
that don't show up in Explorer whichever buttons you press, files that
look like one type of executable but execute like another (just to
mention some that have come up on Bugtraq in the past few weeks), the
old chestnut of "invisible" multiple data streams (which still catches
people out 5 years after it first got notorious) - all combine to
introduce uncertainty and unpredictability, which leaves gaps for
security errors.

Hmmm... this turns into a rant more on-topic for Risks than for Bugtraq
- I bet they have some old postings on the topic somewhere...

Ken
