Vulnerability Development: Re: Valid characters on one o/s are invalid on another

["Craig Boston" <craig () aevrf gank org>]

That reminds me of something funny I noticed when using cyrus-imapd and having
it store the files on a remote smbfs mount (I'm insane, I know).  Try
something like this sometime from a *nix box:

smbclient \\\\ntserver\\share
smb: \> put deleteme
smb: \> ren deleteme deleteme.
smb: \> quit

On the NT server you now have a file whose name ends in a single dot (pay
close attention to the ren line with the dot at the end).  Apparently this is
an illegal filename as far as Windows is concerned and you won't be able to do
anything with the file from Windows.  You can't open it, delete it, rename it,
or do anything to it from either the shell or command-line.  The only way I
know of to get rid of the file is to use smbclient again, or use rd /s to nuke
the entire directory (deleting the folder from the GUI won't work).

I know this works against NT/2k servers on NTFS volumes.  I didn't think much
of it at the time and have not done any testing with 9x file sharing or FAT
volumes, so YMMV.

The funny thing is that even though virtually no file system tool is able to
so much as print the contents of the file, ntbackup has no problem backing up
and restoring it.

Craig

----- Original Message -----
From: "Kayne Ian (Softlab)" <Ian.Kayne () softlab co uk>
To: "Vuln-Dev" <VULN-DEV () SECURITYFOCUS COM>
Sent: Monday, June 25, 2001 3:15 AM
Subject: Valid characters on one o/s are invalid on another


Hey all,
This recent thread about antivirus scanners & DOS archives got me
thinking. Years ago (before *zip introduced the non-absolute paths option),
it was possible to create a zip archive with some files in, hex edit the
archive and change the locations of some of these files, thus making it
extremely easy to transparently replace files on a system that the archive
is extracted on. This used to be a particularly nasty trick on amiga bbs's -
the amiga version of zip was pretty pathetic to say the least. Anyway, this
got me wondering about seeing whether this was still possible (albeit in a
different manner). After playing around, I noticed something strange.

We all know Windows (well the FS really) doesn't allow certain ascii
characters to be used for filenames - ?, " etc... But, other o/s's
filesystems do - in this case Amiga O/S 3.0 & the FFS (fast file system).
So, when I got a CD on the amiga containing some files with legal characters
under workbench but illegal under windows, then tried to access the CD on a
windows machine (specifically the badly named files), some dodgy behaviour
happened. Files started "dissapearing" from the CD etc... Didn't go much
further than this...

Just wondering if anyone else has any thoughts/opinions on this ...
Is it even any use or worth looking into?

Ian Kayne
Technical Specialist - IT Solutions
Softlab Ltd - A BMW Company



********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom
they are addressed.

If you are not the intended recipient or the person responsible for
delivering to the intended recipient, be advised that you have received
this email in error and that any use of the information contained within
this email or attachments is strictly prohibited.

Internet communications are not secure and Softlab does not accept
any legal responsibility for the content of this message. Any opinions
expressed in the email are those of the individual and not necessarily
those of the Company.

If you have received this email in error, or if you are concerned with
the content of this email please notify the IT helpdesk by telephone
on +44 (0)121 788 5480.

********************************************************************