Return-Path: Delivered-To: apmail-jakarta-tomcat-dev-archive@apache.org Received: (qmail 79407 invoked from network); 9 Jan 2002 11:10:25 -0000 Received: from unknown (HELO nagoya.betaversion.org) (192.18.49.131) by daedalus.apache.org with SMTP; 9 Jan 2002 11:10:25 -0000 Received: (qmail 24704 invoked by uid 97); 9 Jan 2002 11:09:48 -0000 Delivered-To: qmlist-jakarta-archive-tomcat-dev@jakarta.apache.org Received: (qmail 24662 invoked by uid 97); 9 Jan 2002 11:09:46 -0000 Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Help: List-Post: List-Id: "Tomcat Developers List" Reply-To: "Tomcat Developers List" Delivered-To: mailing list tomcat-dev@jakarta.apache.org Received: (qmail 24650 invoked from network); 9 Jan 2002 11:09:44 -0000 Message-ID: <00b101c198fe$5c1eebd0$8e00a8c0@pegasusii> From: "Attila Szegedi" To: "Tomcat Developers List" References: <20020109053023.28062.qmail@web20105.mail.yahoo.com> Subject: Re: KPMG-2002003: Bea Weblogic DOS-device Denial of Service Date: Wed, 9 Jan 2002 12:11:15 +0100 MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=SHA1; boundary="----=_NextPart_000_00AD_01C19906.BCC70E60" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N ------=_NextPart_000_00AD_01C19906.BCC70E60 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Why not just use defaults, and provide a way for an administrator to = configure additional reserved filenames. The administrator *SHOULD* know = if there are additional dos devices defined on the system... Attila. ----- Original Message -----=20 From: "Jim Seach" To: "Tomcat Developers List" Sent: 2002. janu=E1r 9. 6:30 Subject: RE: KPMG-2002003: Bea Weblogic DOS-device Denial of Service > There is one, but it would be better if we didn't have to use native > code. >=20 > = http://msdn.microsoft.com/library/default.asp?url=3D/library/en-us/fileio= /filesio_697p.asp >=20 > Platform SDK: File Storage=20 >=20 > QueryDosDevice > The QueryDosDevice function retrieves information about MS-DOS device > names. The function can obtain the current mapping for a particular > MS-DOS device name. The function can also obtain a list of all = existing > MS-DOS device names.=20 >=20 > MS-DOS device names are stored as symbolic links in the object name > space. The code that converts an MS-DOS path into a corresponding path > uses these symbolic links to map MS-DOS devices and drive letters. The > QueryDosDevice function enables an application to query the names of > the symbolic links used to implement the MS-DOS device namespace as > well as the value of each specific symbolic link.=20 >=20 > DWORD QueryDosDevice( > LPCTSTR lpDeviceName, // MS-DOS device name string > LPTSTR lpTargetPath, // query results buffer > DWORD ucchMax // maximum size of buffer > ); >=20 ------=_NextPart_000_00AD_01C19906.BCC70E60 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIII5DCCAoIw ggHroAMCAQICAwWA9zANBgkqhkiG9w0BAQIFADCBkjELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdl c3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMQ8wDQYDVQQKEwZUaGF3dGUxHTAbBgNVBAsT FENlcnRpZmljYXRlIFNlcnZpY2VzMSgwJgYDVQQDEx9QZXJzb25hbCBGcmVlbWFpbCBSU0EgMjAw MC44LjMwMB4XDTAxMDgyNDEyNTAxOVoXDTAyMDgyNDEyNTAxOVowRjEfMB0GA1UEAxMWVGhhd3Rl IEZyZWVtYWlsIE1lbWJlcjEjMCEGCSqGSIb3DQEJARYUc3plZ2VkaWFAZnJlZW1haWwuaHUwgZ8w DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJfZ3HjF4wEYvd2vWSIQhF8Zutf40d+b319wFimtd6BI H2kPg5Ra9vtmSWJyKsW8EyjExe79If64XIT5dDxpfmywJvxai5nnQU1qgDmjM3ZBOmukBcgGN1xF LMiQu2U8rS2GVOkf06viTik6TNz69dscjG5ZZ2weC3deihDBZGmfAgMBAAGjMTAvMB8GA1UdEQQY MBaBFHN6ZWdlZGlhQGZyZWVtYWlsLmh1MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQECBQADgYEA XavDExjcsNv9tdAN9Ee4hrxlxrk428BsOpz0z7mfOySLc5EVI5cH/1GH8/5+RiCIugmF/QK2qvZi mex3wzvvj53rTCKmYP6j4HuCt1buzGE2bimIDKdluBCGO/RrjqP/gn+MwFWar1YH+CrmGlDuqrNM b15Jt+wCVxZ4RuqqQBQwggMpMIICkqADAgECAgEMMA0GCSqGSIb3DQEBBAUAMIHRMQswCQYDVQQG EwJaQTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xGjAYBgNVBAoT EVRoYXd0ZSBDb25zdWx0aW5nMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlz aW9uMSQwIgYDVQQDExtUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgQ0ExKzApBgkqhkiG9w0BCQEW HHBlcnNvbmFsLWZyZWVtYWlsQHRoYXd0ZS5jb20wHhcNMDAwODMwMDAwMDAwWhcNMDIwODI5MjM1 OTU5WjCBkjELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2Fw ZSBUb3duMQ8wDQYDVQQKEwZUaGF3dGUxHTAbBgNVBAsTFENlcnRpZmljYXRlIFNlcnZpY2VzMSgw JgYDVQQDEx9QZXJzb25hbCBGcmVlbWFpbCBSU0EgMjAwMC44LjMwMIGfMA0GCSqGSIb3DQEBAQUA A4GNADCBiQKBgQDeMzKmY8cJJUU+0m54J2eBxdqIGYKXDuNEKYpjNSptcDz63K737nRvMLwzkH/5 NHGgo22Y8cNPomXbDfpL8dbdYaX5hc1VmjUanZJ1qCeu2HL5ugL217CR3hzpq+AYA6h8Q0JQUYeD PPA5tJtUihOH/7ObnUlmAC0JieyUa+mhaQIDAQABo04wTDApBgNVHREEIjAgpB4wHDEaMBgGA1UE AxMRUHJpdmF0ZUxhYmVsMS0yOTcwEgYDVR0TAQH/BAgwBgEB/wIBADALBgNVHQ8EBAMCAQYwDQYJ KoZIhvcNAQEEBQADgYEAcxtvJmWL/xU0S1liiu1EvknH6A27j7kNaiYqYoQfuIdjdBxtt88aU5FL 4c3mONntUPQ6bDSSrOaSnG7BIwHCCafvS65y3QZn9VBvLli4tgvBUFe17BzX7xe21Yibt6KIGu05 Wzl9NPy2lhglTWr0ncXDkS+plrgFPFL83eliA0gwggMtMIIClqADAgECAgEAMA0GCSqGSIb3DQEB BAUAMIHRMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBl IFRvd24xGjAYBgNVBAoTEVRoYXd0ZSBDb25zdWx0aW5nMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9u IFNlcnZpY2VzIERpdmlzaW9uMSQwIgYDVQQDExtUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgQ0Ex KzApBgkqhkiG9w0BCQEWHHBlcnNvbmFsLWZyZWVtYWlsQHRoYXd0ZS5jb20wHhcNOTYwMTAxMDAw MDAwWhcNMjAxMjMxMjM1OTU5WjCB0TELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2Fw ZTESMBAGA1UEBxMJQ2FwZSBUb3duMRowGAYDVQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UE CxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEkMCIGA1UEAxMbVGhhd3RlIFBlcnNv bmFsIEZyZWVtYWlsIENBMSswKQYJKoZIhvcNAQkBFhxwZXJzb25hbC1mcmVlbWFpbEB0aGF3dGUu Y29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUadfUsJRkW3HpR9gMUbbqcpGwhF59LQ2P exLfhSV1KHQ6QixjJ5+Ve0vvfhmHHYbqo925zpZkGsIUbkSsfOaP6E0PcR9AOKYAo4d49vmUhl6t 6sBeduvZFKNdbnp8DKVLVX8GGSl/npom1Wq7OCQIapjHsdqjmJH9edvlWsQcuQIDAQABoxMwETAP BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBAUAA4GBAMfskn5O+PWWpWdiKqTwTRFg0G+NYFhh rCa7UjVcCM8w+6hKloofYkIjjBcP9LpknBesRynfnZhe0mxgcVyirNx54+duAEcftQ0o6AKd5Jr9 E/Sm2Xyx+NxfIyYJkYBz0BQb3kOpgyXy5pwvFcr+pquKB3WLDN1RhGvk+NHOd6KBMYIB/jCCAfoC AQEwgZowgZIxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNh cGUgVG93bjEPMA0GA1UEChMGVGhhd3RlMR0wGwYDVQQLExRDZXJ0aWZpY2F0ZSBTZXJ2aWNlczEo MCYGA1UEAxMfUGVyc29uYWwgRnJlZW1haWwgUlNBIDIwMDAuOC4zMAIDBYD3MAkGBSsOAwIaBQCg gbowGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMDIwMTA5MTExMTE1 WjAjBgkqhkiG9w0BCQQxFgQUQdRqQiAKZkUQ33jF7I8bNtNlAz4wWwYJKoZIhvcNAQkPMU4wTDAO BggqhkiG9w0DAgICAIAwCgYIKoZIhvcNAwcwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZI hvcNAwICASgwBwYFKw4DAh0wDQYJKoZIhvcNAQEBBQAEgYBJ8R3GNhy0iFNuKOx+tdwYwtvPke6l i9LSNCbZqmnA2z8+g69TKNf2r8VZgK1XUG2P07ex0KaZ7pgRPpVj71zj+wphR3oHWMDTw/vSEdrn T5/uYIjaGMfuYMoRyOHflSqNDK8zmUEn0IrSxRh3DNKRX2ihMWv3yTz7yf8ChfetZQAAAAAAAA== ------=_NextPart_000_00AD_01C19906.BCC70E60--