httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <...@algroup.co.uk>
Subject Re: Showstoppers
Date Wed, 06 May 1998 18:48:16 GMT
David D'Antonio wrote:
> 
> >It gets even worse!  Any filename COMPONENT in the entire path triggers this
> >problem.  E.g.:
> >
> >  GET /con/aux/index.html HTTP/1.0
> >
> >Sigh.  The device header chain is going to have to be followed to build the
> >list of special filenames / devices at runtime, since EMMXXXX0 is also
> >reserved whenever EMM386 (extended memory manager) is loaded or emulated in
> >both 95 and NT.  Might make for an interesting DOS attack against IIS or
> 
> ^^^
> In more ways than one! :-)
> >WebSite or other Windows-based servers.
> 
> My guess is that this is less of a problem on WinNT than for Win95, which still
> has DOS underneath the fancy skin.

Guess again. WinNT still believes in \any\real\path\con.ext. "type lpt1"
causes my shell to hang irretrievably.

No doubt there are others.

Cheers,

Ben.

-- 
Ben Laurie            |Phone: +44 (181) 735 0686|  Apache Group member
Freelance Consultant  |Fax:   +44 (181) 735 0689|http://www.apache.org
and Technical Director|Email: ben@algroup.co.uk |
A.L. Digital Ltd,     |Apache-SSL author    http://www.apache-ssl.org/
London, England.      |"Apache: TDG" http://www.ora.com/catalog/apache

Mime
View raw message