[21642] in bugtraq
Re[2]: long filename issue in Win9x
daemon@ATHENA.MIT.EDU (Phaedrus)
Thu Jul 19 12:48:33 2001
Date: Wed, 18 Jul 2001 14:47:04 -0700
From: Phaedrus <phaedrus-securityfocus@lycanon.org>
Reply-To: Phaedrus <phaedrus-securityfocus@lycanon.org>
Message-ID: <184109784471.20010718144704@lycanon.org>
To: bugtraq@securityfocus.com
In-Reply-To: <20010718121427.D29434@cadge.midwinter.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Please note that the batch file I mentioned earlier should only be
used on a Win95 or Win98 system. Win2K contains new and improved
Anti-Dumb-Installer Technology(tm), which attempts to detect and
compensate for programs mislaunching themselves in this way. In fact,
a fully-patched Win2K system will warn you during your next startup
that the Program.bat file 'might interfere with system operation'
(since the presence of an actual 'C:\Program' file disables the
aforementioned Anti-Dumb Installer Technology[tm]), and offers to
rename Program.bat to Program1.bat.
And as long as I'm correcting myself, here's a slightly-improved
version of the batch file, which allows the problem program to
continue to run (thus bringing some of the benefits of Anti-Dumb
Installer Technology[tm] to Win9x):
@echo off
echo Incorrect program launch detected!
echo Incorrect command line:
echo C:\Program %1 %2 %3 %4 %5 %6 %7 %8 %9
echo Press Ctrl+C to abort the program's launch; or press any other
echo key to attempt to run the following program:
echo "C:\Program %1" %2 %3 %4 %5 %6 %7 %8 %9
pause
"C:\Program %1" %2 %3 %4 %5 %6 %7 %8 %9
P> Better yet, create a batch file containing the following four lines,
P> and save it as "C:\Program.bat":
P> @echo Incorrect program launch detected!
P> @echo Incorrect command line:
P> @echo C:\Program %1 %2 %3 %4 %5 %6 %7 %8 %9
P> @pause
P> If this batch file gets launched on your system at startup time, it's
P> because of an installer bug in a program installed on the system. On
P> a Win98/WinME system, you should be able to use msconfig's Startup tab
P> to find and disable the offending program.
P> The cause of this bug: As Windows users are probably aware, there are
P> several mechanisms that can be used to launch a program at startup:
P> most notably, the Startup program group, a 'run=' directive in the
P> WIN.INI file, and the
P> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and
P> RunOnce keys in the registry. With any of these mechanisms, if the
P> pathname of the program being run contains any spaces, the full
P> pathname must be in quotes. To be on the safe side, many installers
P> always put the pathname in quotes; this is fine too. For example,
P> this would correctly launch the fictitious FooNet in /monitor mode at
P> startup time:
P> "C:\Program Files\FooNet\FooNet.exe" /monitor
P> If the installer program forgets to include the quotes, like this:
P> C:\Program Files\FooNet\FooNet.exe /monitor
P> then Windows will see the space in "Program Files" as a command line
P> delimiter; it will try to launch "C:\Program", and tell it to open
P> "Files\FooNet\Foonet.exe /monitor". In the extremely likely event
P> that you don't have anything named "C:\Program" on your system, you'll
P> get a rather puzzling "Can't run C:\Program.exe" error dialog from
P> Windows. If you install the "C:\Program.bat" batch file mentioned
P> earlier, you'll instead see:
P> Incorrect program launch detected!
P> Invalid command line:
P> C:\Program Files\FooNet\Foonet.exe /monitor
P> Press any key to continue...
P> Now, if you're a technically savvy user, you can use msconfig to
P> figure out exactly where this incorrect command line is being stored
P> (in the Startup group, the registry or WIN.INI), and use the
P> appropriate tool to fix the problem. If you're not quite this
P> technically savvy, you can simply uninstall FooNet and mercilessly
P> harass its manufacturer for a bug fix.
--
Best regards,
Phaedrus mailto:phaedrus-securityfocus@lycanon.org
