lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <BAY9-DAV234Vjf3pr73000147e1@hotmail.com>
From: se_cur_ity at hotmail.com (morning_wood)
Subject: FAT32 input > output = null?

Fat32 file output redirect overwrites self.
===========================

odd behavior... >?

1.) console application output redirected to itself ( file.ext > file.ext )
C:\test>program.exe >program.exe
 program.exe
The process cannot access the file because it is being used by another process.

ok great, normal error ( i thought )
by seeing this error, one might think "phew, i just saved myself from
overwriting that file"
but

2.) try running original program
C:\test>program.exe
[popup]
C:\test\program is not a valid Win32 application.
    [/popup]
Access is denied.

uh-o

3.) directory listing
C:\test>dir
 Volume in drive C has no label.
 Volume Serial Number is 1F2E-1405

 Directory of C:\test

02/16/2003  03:00 AM    <DIR>          .
02/16/2003  03:00 AM    <DIR>          ..
02/16/2003  03:31 AM                 0 program.exe
               9 File(s)         0 bytes
               2 Dir(s)     435,847,168 bytes free


i do not know if this is proper behavior.
but it would appear that you SHOULD be safe due to windows
file locking, and the saftey is further bolstered by nice warning.
but alas... "Access Denied! "

so by observance we can deduce the following:
a. windows reads the originating program into memory ( fully(?)
b. the file output redirection ( > ) causes a write to file to the redirection
    call back upon itself, and thus begins overwriting the original file.
c. windows detects the file access and determines that this action is illegal
    and halts the operation and warns the user.


note: not tested under other disc formats.

Donnie Werner
http://exploitlabs.com 









Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ