Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Disk (over)quota in Windows 2000
From: jw () QITS NET AU (John Wiltshire)
Date: Thu, 2 Mar 2000 09:34:40 +1000


-----Original Message-----
From: Peter Gutmann [mailto:pgut001 () CS AUCKLAND AC NZ]
Sent: Wednesday, 1 March 2000 11:56 am
To: BUGTRAQ () SECURITYFOCUS COM
Subject: Re: Disk (over)quota in Windows 2000


Dave Tarbatt - ACS <D.A.Tarbatt () BOLTON AC UK> writes:

I've been looking into disk quotas under Windows 2000 and
have uncovered a
few anomalies. On top of a few peculiarities there appears
to be a bug which
allows a user to exceed their disk quota by as much as they wish.

[...]

I discovered by experiment that new files can be created
upto a size of
(Quota - UsedSpace  + 2KB - 1byte), i.e. they can go
overquota by up to 2047
bytes. Not too much of a problem. Extending existing files
can be up to
(Quota - UsedSpace +1KB -1byte) i.e. up to 1023 bytes
overquota - nothing
much to be worried about.

Isn't this just a cluster-size filling issue?  It looks like
accounting is
being done on a bytes-used basis but files are managed on a
per-cluster basis,
so it's possible to extend files out to fill the cluster
without coming into
conflict with the quota system.

It could be because NTFS stores small files inside the MFT rather than
allocating separate storage space for the file.  This means that a small
file will only have the directory space charged against the owner until it
gets to sufficient size to actually take up space outside the MFT.

Do you get charged for the file creation itself?

John Wiltshire


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault