[9143] in bugtraq
Re: Personal web server
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Thu Jan 21 12:31:13 1999
Date: Wed, 20 Jan 1999 23:20:16 -0800
Reply-To: "Steven M. Bellovin" <smb@RESEARCH.ATT.COM>
From: "Steven M. Bellovin" <smb@RESEARCH.ATT.COM>
X-To: Aleph One <aleph1@underground.org>
To: BUGTRAQ@NETSPACE.ORG
In message <19990120165948.A14518@underground.org>, Aleph One writes:
>
>I tought we've seen the last of these Windows file aliases vulnerabilities.
>Guess I was wrong. Incredible the amount of cruft the Windows file name
>parser will take. Wonder what other wonderful aliases are waiting to be
>discovered.
I'm sure there are others; determing access permissions by application-level
parsing of file names is a fundamentally flawed notion. I've watched it fail
for at least 20 years, in systems at least as old as uucp through today's
Web servers. And it's not just Windows, though the complexity of its
syntax compared to that of Unix makes life much tougher. And think of all
of the opportunities for race conditions with this sort of parsing, especially
with complex types.
