Re[2]: Microsoft Windows Vista/2003/XP/2000 file management security issues
Dear Daniel Hazelton,
--Tuesday, March 13, 2007, 8:29:39 PM, you wrote to bugtraq@xxxxxxxxxxxxxxxxx:
DH> I haven't used Vista at all, but from reading the MS documentation about the
DH> new version of NTFS that it uses it appears that Unix style symlinks are
DH> supported. (From what I can tell they've been possible since the start, just
DH> not implemented)
DH> So for any WIndows system that shares the new NTFS code with Vista this is a
DH> valid vuln. Although I'm not positive about whether MS actually released
DH> tools along with Vista to use this feature, I'm more than certain that it
DH> does exist. (However, this may be a moot point. MS might still flag a
DH> cross-reference like a Unix-style symlink as a filesystem error)
Yes, Vista supports Unix-style symlinks and there is "mklink". By
default, only member of administrators group can create ones and this
policy should never be changed. So, again, there is no symlink
vulnerability in it's classic way in default configuration.
Only if you change symlink policy, you get security hole. In terms of
Unix, you'll get system with commonly used /tmp and without mkstemp()
ever used.
--
~/ZARAZA http://securityvulns.com/