Vista and symlinks
Gerald (Jerry) Carter
jerry at samba.org
Fri Mar 16 13:49:47 GMT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Anyone played with the mklink command on Vista to
create symlinks? Was just erading through BUGTRAQ
and saw it mentioned.
cheers, jerry
- --Tuesday, March 13, 2007, 8:29:39 PM, you wrote to
bugtraq at securityfocus.com:
DH> I haven't used Vista at all, but from reading the
DH> MS documentation about the new version of NTFS
DH> that it uses it appears that Unix style symlinks
DH> are supported. (From what I can tell they've
DH> been possible since the start, just not implemented)
DH> So for any WIndows system that shares the new NTFS
DH> code with Vista this is a valid vuln. Although I'm
DH> not positive about whether MS actually released
DH> tools along with Vista to use this feature, I'm more
DH> than certain that it does exist. (However, this may
DH> be a moot point. MS might still flag a cross-reference
DH> like a Unix-style symlink as a filesystem error)
Yes, Vista supports Unix-style symlinks and there
is "mklink". By default, only member of administrators
group can create ones and this policy should never
be changed. So, again, there is no symlink
vulnerability in it's classic way in default configuration.
Only if you change symlink policy, you get security hole.
In terms of Unix, you'll get system with commonly used
/tmp and without mkstemp() ever used.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFF+qB7IR7qMdg1EfYRAu0sAKDZwVtER+Eg+youj/CxRES7kwCuigCfbrzC
4whmGiD3ldxwbUgXE0F55kQ=
=thuV
-----END PGP SIGNATURE-----
More information about the samba-technical
mailing list