Bugtraq mailing list archives
Re[2]: Microsoft Windows Vista/2003/XP/2000 file management security issues
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Wed, 14 Mar 2007 02:08:00 +0300
Dear Paweł Goleń,

--Tuesday, March 13, 2007, 11:34:53 PM, you wrote to bugtraq () securityfocus com:

Process 1: Opens file for reading with FILE_SHARE_WRITE|FILE_SHARE_READ|FILE_SHARE_DELETE
Process 2: Opens file for writing with FILE_SHARE_NONE and _succeeds_.
With a valid mandatory locking implementation, process 2 _must fail_.

PG> 3APA3A, on the one hand you are right, this may be considered to be a
PG> vulnerability in Windows mandatory file locks. But I'm not sure if file
PG> locks in Windows are mandatory. I've never considered "share modes" to
PG> be a security feature. It was advised in the original article.
PG> In order to be sure I'm creating, not opening, a file I would probably
PG> use CREATE_NEW as the value for the dwCreationDisposition attribute AND
PG> FILE_SHARE_NONE to prevent other processes from opening my file.
PG> ...
PG> Am I correct, or am I missing something?

You are right, and again it was advised in the article. You've only missed the fact that sometimes you need to create a file with a given name. The examples were demonstrated: file copy operation, archive extraction, restore from backup, file replication and creation of any persistent file (e.g. a new document). And you get a problem: what to do with an existing file, since you can not simply create a new one.

In my opinion, if CREATE_NEW fails because the file exists and the user asks to overwrite the file, the application should try to remove the existing file and re-create it with CREATE_NEW, and fail if the second attempt with CREATE_NEW fails. But: ALL TESTED APPLICATIONS FAILED to act like this. It's true even for applications you may expect to operate in a secure way, because they restore original file permissions and may be used to copy secret information. Namely:

xcopy (standard utility) with /Y opens the existing file without an attempt to delete it.
robocopy (from resource kit) opens the existing file.
ntbackup (if the "replace file" option is on during restore) opens the existing file.
rar opens the existing file.

PG> And one question - which flag for dwCreationDisposition is used, for
PG> example, by Microsoft Word when creating temporary files?

According to tests I recently made, Word behaves correctly with both the original file (it doesn't edit the original file, but renames it, creates a new one and copies the content) and the temporary file (a new file is also created).

It may be slow, but it's safe :) It may be possible to catch a race condition between the old file being renamed and the new one being created, but it's a bit harder to test.

-- 
~/ZARAZA
http://securityvulns.com/
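The create-or-overwrite pattern 3APA3A recommends above (CREATE_NEW first; on "file exists" plus an explicit overwrite request, delete the name and retry CREATE_NEW; fail rather than open whatever is still there), written out as an added PowerShell example. This is editor-supplied illustration, not code from the post or from any of the tools named in it. It goes through .NET's FileStream, whose FileMode.CreateNew and FileShare.None map onto the Win32 CREATE_NEW and FILE_SHARE_NONE the thread discusses; the function name New-ExclusiveFile and the sample path are assumptions. The check on the low 16 bits of HResult relies on the documented Win32 code ERROR_FILE_EXISTS (80) that CREATE_NEW returns when the name is taken.

```powershell
# Added example, not from the original post. Creates a file by name without
# ever opening a pre-existing object at that name (no CREATE_ALWAYS /
# OPEN_ALWAYS / TRUNCATE_EXISTING fallback). Requires Windows.
function New-ExclusiveFile {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,   # assumption: caller passes a full path
        [switch] $Overwrite                      # the user explicitly asked to replace it
    )

    $mode   = [System.IO.FileMode]::CreateNew    # Win32 CREATE_NEW
    $access = [System.IO.FileAccess]::Write      # GENERIC_WRITE
    $share  = [System.IO.FileShare]::None        # FILE_SHARE_NONE

    # Returns $true only when the IOException is ERROR_FILE_EXISTS (80),
    # i.e. CREATE_NEW lost to an existing name, not some other I/O error.
    function Test-FileExistsError([System.Exception] $e) {
        return (($e.HResult -band 0xFFFF) -eq 80)
    }

    try {
        return [System.IO.FileStream]::new($Path, $mode, $access, $share)
    }
    catch [System.IO.IOException] {
        if (-not $Overwrite -or -not (Test-FileExistsError $_.Exception)) { throw }
    }

    # First CREATE_NEW failed because the name exists and overwrite was
    # requested: remove the name, never write through it. Deleting a hard
    # link or reparse point removes only that link/point, so the data it
    # pointed at is not touched. If another process still holds the file
    # open, Delete only marks it delete-pending and the name stays until the
    # last handle closes, which makes the retry below fail, as intended.
    [System.IO.File]::Delete($Path)

    # Second and last attempt. If the name reappeared between Delete and
    # CreateNew (another user re-creating it, a still-open handle), refuse
    # rather than fall back to opening the existing object.
    try {
        return [System.IO.FileStream]::new($Path, $mode, $access, $share)
    }
    catch [System.IO.IOException] {
        throw ("Refusing to open pre-existing object at '{0}' after delete: {1}" -f `
               $Path, $_.Exception.Message)
    }
}

# Usage (sample path is an assumption):
$fs = New-ExclusiveFile -Path 'C:\Temp\restored.txt' -Overwrite
try {
    $bytes = [System.Text.Encoding]::UTF8.GetBytes("constructed sample content`n")
    $fs.Write($bytes, 0, $bytes.Length)
}
finally {
    $fs.Dispose()   # releases the FILE_SHARE_NONE handle
}
```

Because the handle returned on success was obtained with CreateNew, the file carries the default ACL of the target directory rather than whatever permissions a pre-existing file had, which is the property the thread's xcopy, robocopy, ntbackup and rar observations are about. Callers that need a specific ACL on the new file should set it on the object this function created, not on an object they found already present.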