"Michael C. Bazarewsky" wrote: > > > Known to who? Is it documented anywhere? > > MS KB Q172190 discusses this behavior, NTFS Tunneling. It's covered in > the Microsoft Official Curriculum course # 922, as well. (I know the MOC is > not the most widely looked-at reference, but the KB is fair game.) Thanks & to the other half-dozen who pointed this out. I must be being particularly thick this week. Or perhaps MS are just choosing obscure keywords. I searched KB, both online and from a technet CD, but obviously I didn't choose the approved jargon. "Tunnelling" is a long way from any keywords that I'd associate with file systems - and a search for "tunnelling and ntfs" turns up a great many references to VPNs and bits of networking. It now turns out that it isn't really a property of the file system at all, which obviously makes the search even harder. If it is a bug at all it is perhaps a bug in documentation. I have used NT for years, and I've never come across this idea as far as I can remember. Presumably my fault for not paying attention. Obviously not serious, but I bet that someone, somewhere, has an application that depends on file creation dates and wonders why it goes wrong every now and again. That is a *mild* potential security problem, if only because it could cause confusion. Documentation bugs can be security problems. Unexpected or unwanted behaviour from a machine is always a potential security problem. The accumulation of seemed-like-a-good-idea-at-the-time backwards-compatible gotchas in the Windows file systems - unkillable system program names, old DOS device files in every directory, files that don't show up in Explorer whichever buttons you press, files that look like one type of executable but execute like another (just to mention some that have come up on Bugtraq in the past few weeks), the old chestnut of "invisible" multiple data streams (which still catches people out 5 years after it first got notorious) - all combine to introduce uncertainty and unpredictability, which leaves gaps for security errors. Hmmm... this turns into a rant more on-topic for Risks than for Bugtraq - I bet they have some old postings on the topic somewhere... Ken
This archive was generated by hypermail 2b30 : Tue Jul 17 2001 - 08:30:42 PDT