lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Wed, 4 Jul 2012 15:36:54 +0200
From: "Stefan Kanthak" <stefan.kanthak@...go.de>
To: <full-disclosure@...ts.grok.org.uk>
Subject: Re: Windows short (8.3) filenames - a security
	nightmare?

"Bogdan Calin" <bogdan@...netix.com> wrote:

> Hi guys,
> 
> I wrote a blog post about security issues related with Windows short (8.3) filenames.
> 
> http://www.acunetix.com/blog/web-security-zone/articles/windows-short-8-3-filenames-web-security-problem/

1. tell news

2. since all (but Microsoft) know very well that Windows x64 can't run
   16-bit DOS and Windows 3.x programs any more Microsoft still enables
   8.3 filenames in all versions of Windows ... at least on the system
   drive.

JFTR: Windows Vista and later enforce 8.3 filenames on the system drive.

You can but try to remove them via
    %SystemRoot%\System32\FSUtil.Exe 8Dot3Name Strip ...
(see <http://technet.microsoft.com/en-us/library/ff621566.aspx>)


JFTR2: Windows NT4 and Windows NT5.x don't enforce this stupidity.

You can turn off 8.3 filename creation during setup of Windows NT5.x
via addition of a file

    --- \i386\MIGRATE.INF or \amd64\MIGRATE.INF ---
    [Version]
    Provider  = "Stefan Kanthak"
    Signature = "$Windows NT$"

    [AddReg]
    ; Disable creation of 8.3 DOS filenames (see MSKB 121007 & 210638)
    HKLM,"System\ControlSet001Control\FileSystem","NTFSDisable8dot3NameCreation",65537,1
    --- EOF ---

and modification of the file

    --- \i386\TXTSETUP.SIF or \amd64\TXTSETUP.SIF ---
    ...

    [HiveInfs.Fresh]
  + AddReg = MIGRATE.INF,AddReg

    [HiveInfs.Upgrade]
  + AddReg = MIGRATE.INF,AddReg

    ...
    --- EOF ---


JFTR3: when done, create an empty file "%ProgramFiles%\Shared.exe"
(change the filename according to your language to match
"%CommonProgramFiles%" up to the last space) to see the wonderful
crapware from InstallShield fail.-P

If not, it will fail anyhow, at least during uninstallation or repair.
You can count on Wise installer too.-(

When "%ProgramFiles%" contains a space, create the appropriate file
in %SystemDrive% too.

Yes, more than 17 years after the introduction of long filenames
there a still developers who don't know how to use them properly!


Stefan Kanthak

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ