| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <5011B7B3.3040907@spin.net.au> Date: Fri, 27 Jul 2012 07:33:39 +1000 From: Chris Jones <chrisjones@...n.net.au> To: linux-kernel@...r.kernel.org Subject: Re: [BUG] NTFS code doesn't sanitize folder names sufficiently Marian Beermann wrote: > Hello everyone, > > today I noticed some very odd behaviour, which could lead people to > believe a loss of data, because it is possible to create directories > with backslashes in them. > > I am currently running kernel 3.5. > > To completly reproduce the problem to the full extend you'll need a > Windows computer, but to see whats wrong Linux completly suffices :-) > > On a Linux computer > 1. Create a directory named TestA on an NTFS partition > 2. Create a subdirectory of TestA named TestB > 3. Create a third directory alongside TestA named TestA\TestB (the > fundamental problem is this: backslashes in directory names) > > Connect the drive containing the NTFS partition now to a Windows > computer and navigate to the directory containing TestA and > TestA\TestB. If you navigate to the folder (not path!) TestA\TestB > you'll actually see the contents of the path TestA\TestB (the > subfolder TestB) and not the contents of the directory. > It is not possible on a Windows machine to access the contents of the > directory named TestA\TestB. This is not a bug in Windows, it's caused > by a bug in the NTFS driver, which allows illegal characters. > > The solution to this would be to disallow creation of files and > folders on NTFS drives containing illegal characters. > > Best regards > Marian Beermann Yeah that's a tough one. I wouldn't exactly call it a bug. There's probably lots of stuff like this you could do that the command line would allow you to perform but not be a correct and intended function. I would put this down to user error rather than a bug. Anyone with knowledge of operating systems and file system structuring should know that / or \ are illegal characters for creating a directories. Whether it be on Windows or Linux. Regards -- Chris Jones @ kernel.devproject@...il.com also on oracle.kerneldev@...il.com and netbsd.kerneldev@...il.com OpenSUSE 12.1 (IceWM/zsh) (PC)|Android 4.0.3 (Smartphone)|Windows 7 (Laptop)|Windows XP (Gaming) Linux kernel developer|Solaris kernel developer|BSD kernel developer Lead Developer of SDL|Lead Developer of Nest Linux|Gamer and Emulator nut|Web Services|Digital Imaging Services Controllers: Rapier V2 Gaming mouse|Logitech Precision|PS3 controller|XB360 controller|Logitech Attack 3 j/stick Emulators: Fusion|Gens|ZSNES|Project64|PCSX-R|Stella|WinVICE|WinUAE|DOSBox PGP Fingerprint: 4E38 0776 B380 63C8 F64F A7D6 736C CF56 42A4 FB35 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists