[21648] in bugtraq
Re: Linux, too, sort of (Windows MS-DOS Device Name DoS vulnerabilities)
daemon@ATHENA.MIT.EDU (Glynn Clements)
Thu Jul 19 12:55:13 2001
From: Glynn Clements <glynn.clements@virgin.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <15189.60019.897545.33478@cerise.nosuchdomain.co.uk>
Date: Wed, 18 Jul 2001 20:58:43 +0100
To: aland@striker.ottawa.on.ca
Cc: bugtraq@securityfocus.com
In-Reply-To: <E15MttN-0007Uj-00@giles.striker.ottawa.on.ca>

aland@striker.ottawa.on.ca wrote:

> > One may be tempted to block all the files below /dev inside
> > the browser/servers.
> > Could this be a cure for this problem under linux/UNIX?
>
> No. The browsers should be using the 'fstat' function, prior to
> opening any 'file://' URL.

fstat() requires a descriptor; you need to use stat().

BTW, on Unix, simply open()ing a device can have undesirable
consequences, hence the need to use stat() before opening the file.

> Regular files and directories should be
> OK. Links should have their links de-referenced, and the linked-to
> file 'fstat'ed also. Any other files should be ignored.

Symbolic links don't show up in the results from stat() or fstat();
you would need to use lstat() if you wanted to identify links (in this
case, you don't).

I notice that the Windows mechanism which is being recommended, i.e.
GetFileType(), requires a file handle. As Alun Jones pointed out:

> The person quoted here doesn't indicate whether it is merely opening the
> device files, or trying to access (read or write) their contents, is what
> will "wedge the DOS box" - if the former, then GetFileType is sadly of no
> assistance.

Can anyone shed any light upon whether the act of opening a device
under Windows can have undesirable side effects?

--
Glynn Clements <glynn.clements@virgin.net>
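
The stat()-before-open() check discussed in this message, as an added example that is not part of the original post; `open_local_file` is a hypothetical helper name. It goes one step beyond the thread by repeating the check with fstat() once a descriptor exists, so a path swapped between the two calls is also refused.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Only regular files and directories are acceptable file:// targets. */
static int type_ok(const struct stat *st)
{
    return S_ISREG(st->st_mode) || S_ISDIR(st->st_mode);
}

/* Hypothetical helper: read-only descriptor on success, -1 with errno set. */
int open_local_file(const char *path)
{
    struct stat before, after;

    /* stat() follows symlinks, so a link to a device is judged by its target. */
    if (stat(path, &before) != 0)
        return -1;
    if (!type_ok(&before)) {
        errno = EACCES;          /* device, FIFO, socket: never open()ed */
        return -1;
    }
    /* O_NONBLOCK/O_NOCTTY limit side effects if the path was replaced by a
       FIFO or tty in the window between stat() and open(). */
    int fd = open(path, O_RDONLY | O_NONBLOCK | O_NOCTTY);
    if (fd < 0)
        return -1;
    /* With a descriptor in hand, fstat() confirms it is the checked object. */
    if (fstat(fd, &after) != 0 || !type_ok(&after) ||
        after.st_dev != before.st_dev || after.st_ino != before.st_ino) {
        close(fd);
        errno = EACCES;
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    for (int i = 1; i < argc; i++) {
        int fd = open_local_file(argv[i]);
        printf("%s: %s\n", argv[i], fd >= 0 ? "opened" : "refused");
        if (fd >= 0)
            close(fd);
    }
    return 0;
}
```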