--- "Kayne Ian (Softlab)" <Ian.Kayneat_private> a écrit : > Files started "dissapearing" from the CD etc... Didn't go > much further than this... I do not think that you can go much further, unless the "strange" characters are converted to something else. It would then be possible to overwrite system files while displaying weird names in the Winzip (or anything else) interface. _If_ such an exploit exists, it would probably concern a specific client (e.g. command line unzip but not winzip...) BTW, some people ran into this problem years ago. In the old days, I read some parts of the POSIX specifications about this. I was on an OpenVMS environment, trying to use lex and yacc in the POSIX subsystem. VMS did not allow several dots in a file name, so the "POSIX" lex command generated lex_yy.c and yacc ytab.c (instead of lex.yy.c & y.tab.c). This was allowed by POSIX (so I could not trash the VMS for "legal" reasons <grin>). It then crossed my mind that worse problems could arise with cpio and tar. POSIX said that if those commands encountered a file that could not be created because of limitations of the underlying file system, they may rename it, or just drop it. ___________________________________________________________ Do You Yahoo!? -- Pour faire vos courses sur le Net, Yahoo! Shopping : http://fr.shopping.yahoo.com
This archive was generated by hypermail 2b30 : Wed Jun 27 2001 - 08:39:21 PDT