httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Hudson <...@cryptsoft.com>
Subject Re: Showstoppers
Date Wed, 06 May 1998 00:28:18 GMT
According to Dean Gaudet:
> > > WIN32 1.3 FINAL RELEASE SHOWSTOPPERS:
> > > 
> > >     * SECURITY: check if the magic con/aux/nul/etc names do anything
> > >         really bad
> > 
> > Under Windows, a filename ending in ".../con" or aux, nul, prn, and some
> > others refer magically to built-in devices from the DOS 1.0 era
    It is actually more detailed than that in that the filename extension
is *ignored* in this processing. The challenge for the day is to create a 
file called "aux.c" under anything with the DOS kernel sitting underneath
it. Don't forget this little 'gem' in checking things ... in that the
extension should be stripped off or ignored during this check.

Tim.


Mime
View raw message