Andy Piper wrote:
>Are you planning to canonicalise the file or buffer names so that
>c:\dir\file and /cygdrive/c/dir/file are treated the same?

I've thought about this. Yes, we should probably do this, but it would be
interesting to have some others' thoughts on this.

My main thought is that Windows has so many different aliasing
mechanisms that the main issue is which ones you're going to allow for
and which ones you're going to ignore; you'll never get them all.
If you want a list, search the BugTraq (and similar) archives for
vulnerabilities involving the ability to circumvent filename/URL
access controls by using aliases. Off the top of my head, you have:

    Case folding ("foo" == "FOO", usually but not always)
    8.3 filenames ("C:\Program Files" == "C:\PROGRA~1")
    Multiple dots ("..." == "..\..", sometimes)
    Device files ("<anything>\LPT1" == "<anything else>\LPT1")
    Fault-tolerant Unicode (trailing invalid characters are discarded)
    Host aliases in UNC paths ("\\localhost\foo\bar" ==
        "\\127.0.0.1\foo\bar" == "\\0x7F000001\foo\bar" == ...)

I'm fairly sure that this isn't all of them.
Some of these aren't relevant outside of a security context (e.g.
device files), but others may be.
--
Glynn Clements <glynn.clements(a)virgin.net>
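
The aliasing list above, as an added example that is not part of the original message or of any project's code: a Python function that folds the aliases resolvable from the string alone (Cygwin prefix, separators, case, loopback UNC hosts) into one comparison key, and flags the ones that need the filesystem or special handling (8.3 names, device names, multiple dots). The function name, the loopback host set and the sample paths are constructed for illustration.

```python
import ntpath
import re

# Reserved DOS device names: resolved by Windows whatever directory precedes them.
DEVICES = {"CON", "PRN", "AUX", "NUL"} | {
    f"{p}{n}" for p in ("COM", "LPT") for n in range(1, 10)}
# Loopback spellings taken from the message; constructed set, not exhaustive.
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "0x7f000001"}
SHORT_NAME = re.compile(r"~\d+")  # shape of an 8.3 alias such as PROGRA~1
CYGDRIVE = re.compile(r"^/cygdrive/([A-Za-z])(/.*)?$")


def canonicalise(path):
    """Return (key, warnings) for a Windows or Cygwin path string.

    key folds the aliases that can be resolved without touching the disk;
    warnings lists components whose aliasing the string alone cannot settle.
    """
    warnings = []
    m = CYGDRIVE.match(path)
    if m:  # /cygdrive/c/dir/file -> c:/dir/file
        path = f"{m.group(1)}:{m.group(2) or '/'}"
    path = ntpath.normpath(path)  # one separator, "." and ".." collapsed
    drive, rest = ntpath.splitdrive(path)
    if drive.startswith("\\\\"):  # UNC drive is \\host\share
        host, _, share = drive[2:].partition("\\")
        if host.lower() in LOOPBACK_HOSTS:
            host = "localhost"
        drive = f"\\\\{host}\\{share}"
    parts = [p for p in rest.split("\\") if p]
    for p in parts:
        if p.split(".")[0].strip().upper() in DEVICES:
            warnings.append(f"device name: {p}")
        if SHORT_NAME.search(p):
            warnings.append(f"possible 8.3 alias: {p}")
        if len(p) > 2 and set(p) == {"."}:
            warnings.append(f"multiple dots: {p}")
    key = (drive + "\\" + "\\".join(parts)).lower()  # case folding (approximate)
    return key, warnings


if __name__ == "__main__":
    for sample in (r"c:\dir\file", "/cygdrive/c/dir/file", r"C:\PROGRA~1",
                   r"\\0x7F000001\foo\bar", r"C:\tmp\LPT1"):
        print(sample, "->", canonicalise(sample))
```

A non-empty warnings list means the key should not be trusted for an access-control comparison until the path has been resolved against the real filesystem.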