[21615] in bugtraq


RE: long filename issue in Win9x

daemon@ATHENA.MIT.EDU (Jesper M. Johansson)
Wed Jul 18 14:01:58 2001

Reply-To: <jjohanss@bu.edu>
From: "Jesper M. Johansson" <jjohanss@bu.edu>
To: "'R v. Dijk'" <rd.engind@preciamolen.nl>, <bugtraq@securityfocus.com>
Date: Wed, 18 Jul 2001 12:08:44 -0400
Message-ID: <005301c10fa3$eba29070$be00a8c0@src.bu.edu>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
In-Reply-To: <000401c10f47$aec7aa20$5403a8c0@preciamolen.nl>

>make a 'PROGRAM.EXE' executable in your C:\, and reboot windows. 99% chance
>it will start up something like this
>"C:\PROGRAM files\Internet Explorer\blah blah /systray"

>Now PROGRAM will be invoked, with the rest as a parameter list. This caused
>me a headache, because I didn't know where to start

This does not have anything to do with long filenames, but rather the
problem that many developers do not properly quote paths when they put
them in the <hive>\Software\Microsoft\Windows\CurrentVersion\Run key. If
you have an entry like this, with quotes:


"C:\Program Files\ResponsibleDevIsUs\someBinary.exe"

In that key, then everything is copasetic. However, if the entry looks
like this, without quotes:

C:\Program Files\IrresponsibleProgrammingCorp\someBinary.exe

Then the system will interpret this string as two strings: "C:\Program"
and "Files\IrresponsibleProgrammingCorp\someBinary.exe". The first will
match your rogue executable, and the other will simply fail, and you
might get an error message.

Note that (1) there are more locations than the one I listed above where
this can happen, and (2) if you are concerned about users putting rogue
executables into your %systemdrive% (which you should be) you should ACL
that directory so that they cannot do so.

Jesper M. Johansson
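
An added example, not part of the original message: a Python audit of Run-key style command lines that flags unquoted paths containing spaces, lists the executables that could be started in their place, and produces the quoted form. The sample values are constructed, the function names are hypothetical, and listing every space-delimited prefix (not only the first) goes beyond the message, assuming the launcher retries at each space as CreateProcess is documented to do.

```python
import re

# Constructed sample Run-key values (value name -> command line), not from a real system.
SAMPLE_RUN_VALUES = {
    "Quoted": r'"C:\Program Files\ResponsibleDevIsUs\someBinary.exe"',
    "Unquoted": r'C:\Program Files\IrresponsibleProgrammingCorp\someBinary.exe',
    "UnquotedArgs": r'C:\Program Files\Internet Explorer\blah.exe /systray',
    "NoSpaces": r'C:\Windows\tool.exe /s',
}

# End of the intended executable path: first executable extension at a word boundary.
EXE_END = re.compile(r'\.(exe|com|bat|cmd)\b', re.IGNORECASE)

def split_command(command):
    """Split an unquoted command line into (intended path, remaining arguments)."""
    cmd = command.strip()
    m = EXE_END.search(cmd)
    # Assumption: with no recognisable extension the whole string is the path.
    return (cmd[:m.end()], cmd[m.end():]) if m else (cmd, "")

def shadow_candidates(command):
    """Paths a launcher could run instead of the intended binary."""
    if command.strip().startswith('"'):
        return []  # quoted: the path is unambiguous
    intended, _ = split_command(command)
    # Every prefix that ends at a space is a candidate, e.g. C:\Program(.exe).
    return [intended[:i] + ".exe" for i, ch in enumerate(intended) if ch == " "]

def quoted_form(command):
    """Return the command with its executable path quoted (the fix)."""
    if not shadow_candidates(command):
        return command
    intended, rest = split_command(command)
    return f'"{intended}"{rest}'

def audit(run_values):
    """Map each ambiguous value name to its shadow candidates."""
    return {n: c for n, v in run_values.items() if (c := shadow_candidates(v))}

if __name__ == "__main__":
    for name, cands in audit(SAMPLE_RUN_VALUES).items():
        print(name, cands, "->", quoted_form(SAMPLE_RUN_VALUES[name]))
```

On a live system the same functions can be fed the values read from each Run key; any entry that audit() reports should be rewritten to its quoted_form().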

