Home page logo
/

bugtraq logo Bugtraq mailing list archives

IE cookies assigned to RAM disk survive reboot
From: "Thomas C. Greene" <tcgreene () bellatlantic net>
Date: Sun, 18 Nov 2001 06:35:34 -0500


I was playing with a Windows box running '98-SE, using a RAM disk for my
temp & tmp dirs and browser cache for added security. I was quite surprised
to find that my RAM drive 'remembered' all of my cookies between reboots, in
spite of having gone into the registry to ensure, to the best of my ability,
that the RAM disk would be my default cookie directory.

Something's wrong. If you set your history option to zero days, nothing will
be recorded. Fine, and that's an essential for security. But I can't prevent
cookies from surviving boot to boot, and I've done more than just assign
Temporary Internet Files to my RAM disk in IE setup.

First, here's my autoexec.bat:
@ECHO OFF
XMSDSK 86352 G: /C1 /T /Y
MD G:TEMP
SET TMP=G:TEMP
SET TEMP=G:TEMP

And my swap file setup:
PagingDrive=G:
MinPagingFileSize=65536
MaxPagingFileSize=65536

I have IE set with the RAM disk [G:\] as my 'Temporary Internet Files'
directory. But of course, there's a 'Cookies' subdirectory in the Windows
directory, which retains them and which has to be dealt with.

You'll find in the registry a key called Paths:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Cache\Paths

Which, in spite of your IE setup, will include a value indicating that the
cookie directory should be C:\Windows\Cookies.

So of course I changed it to G:\Temporary Internet Files\Cookies.

There is also a key called Special Paths:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Cache\Special Paths\Cookies

With the Default Directory C:\Windows\Cookies

Which, again, I changed to G:\Temporary Internet Files\Cookies.

There is another key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ProfileReconcili
ation\Cookies

With the value: DefaultDir *windir\Cookies

So changed DefaultDir to G:\Temporary Internet Files\Cookies as well.

I deleted all cookies from C:\Windows\Cookies and G:\Temporary Internet
Files\Cookies. I then booted into DOS and ran: del
C:\Windows\Cookies\Index.dat.

And then I started Windows and did some surfing. Then I rebooted. And when
Windows started I found all the cookies from that surf session in the
C:\Windows\Cookies directory *and* in the G:\Temporary Internet
Files\Cookies RAM drive directory.

I don't know how Windows is preserving these cookies. Any thoughts?

================
Thomas C. Greene
Washington Bureau Chief
"The Register"
mailto:thomas.greene () theregister co uk
http://www.theregister.co.uk




  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]