<<< Date Index >>>     <<< Thread Index >>>

Re[2]: Microsoft Windows Vista/2003/XP/2000 file management security issues



Dear Daniel Hazelton,

--Tuesday, March 13, 2007, 8:29:39 PM, you wrote to bugtraq@xxxxxxxxxxxxxxxxx:


DH> I haven't used Vista at all, but from reading the MS documentation about the
DH> new version of NTFS that it uses it appears that Unix style symlinks are
DH> supported. (From what I can tell they've been possible since the start, just
DH> not implemented)

DH> So for any WIndows system that shares the new NTFS code with Vista this is a
DH> valid vuln. Although I'm not positive about whether MS actually released
DH> tools along with Vista to use this feature, I'm more than certain that it
DH> does exist. (However, this may be a moot point. MS might still flag a
DH> cross-reference like a Unix-style symlink as a filesystem error)

Yes,  Vista  supports  Unix-style  symlinks  and  there  is "mklink". By
default,  only  member  of administrators group can create ones and this
policy  should  never  be  changed.  So,  again,  there  is  no  symlink
vulnerability in it's classic way in default configuration.

Only  if  you  change symlink policy, you get security hole. In terms of
Unix,  you'll  get  system with commonly used /tmp and without mkstemp()
ever used.



-- 
~/ZARAZA http://securityvulns.com/