VFS Critical Security Issue
Posted: 25 May 2007, 02:47
I ran a search for "/*" to test a new java binding I had written:
and got this:
As the result. aka C:\. So I replaced the search strign with /Windows/* and got:
Code: Select all
JNIEXPORT jstring JNICALL Java_aflobby_JUnitSync_SearchVFS
(JNIEnv *env, jclass myobject, jstring pattern){
const char* cpattern = env->GetStringUTFChars(pattern,0);
std::string path = filesystem.GetDirectory(cpattern);
std::string patt = filesystem.GetFilename(cpattern);
std::vector<string> f = CFileHandler::FindFiles(path, patt);
string s = "";
if(f.empty()==false){
for(vector<string>::iterator i = f.begin(); i != f.end(); ++i){
string q = *i;
s += q;
s += ",";
}
}
char* c = new char[max(1,(int)s.length())];
strncpy(c,s.c_str(),s.length());
jstring j = env->NewStringUTF(c);
return j;
}Code: Select all
\ACPI_10136.zip,\autoexec.bat,\config.sys,\P5B-1102.zip,\P5B-ASUS-1102.ROM,\sysrun23.dll,Is this not somewhat of a security risk? If not a performance issue? Lua has access to the VFS too, do we really want lua UI widgets that can access and list system critical files? Even send them over the network to the host who may be waiting for them?\Windows\Ascd_tmp.ini, \Windows\AS_Debug.txt, \Windows\AviSplitter.INI, \Windows\bfsvc.exe, \Windows\Business.xml, \Windows\DirectX.log, \Windows\DirectX_SDK.log, \Windows\DPINST.LOG, \Windows\DtcInstall.log, \Windows\explorer.exe, \Windows\Explorer.EXE.Z-missing.txt, \Windows\fveupdate.exe, \Windows\GEARInstall.log, \Windows\glview.INI, \Windows\HelpPane.exe, \Windows\hh.exe, \Windows\iis7.log, \Windows\iPlayer.INI, \Windows\IsUninst.exe, \Windows\jestertb.dll, \Windows\KB893803v2.log, \Windows\Lexstat.ini, \Windows\lsb_un20.exe, \Windows\MEMORY.DMP, \Windows\mib.bin, \Windows\MinGW.INI, \Windows\msdfmap.ini, \Windows\NeroDigital.ini, \Windows\notepad.exe, \Windows\ntbtlog.txt, \Windows\ODBC.INI, \Windows\PFRO.log, \Windows\QTFont.for, \Windows\regedit.exe, \Windows\setupact.log, \Windows\setuperr.log, \Windows\STA2.ini, \Windows\system.ini, \Windows\TSSysprep.log, \Windows\twain.dll, \Windows\twain_32.dll, \Windows\twunk_16.exe, \Windows\twunk_32.exe, \Windows\unins000.dat, \Windows\unins000.exe, \Windows\unins001.dat, \Windows\unins001.exe, \Windows\UNNeroBackItUp.cfg, \Windows\UNNeroBackItUp.exe, \Windows\UNNeroMediaHome.cfg, \Windows\UNNeroMediaHome.exe, \Windows\UNNeroShowTime.cfg, \Windows\UNNeroShowTime.exe, \Windows\UNNeroVision.cfg, \Windows\UNNeroVision.exe, \Windows\UNRecode.cfg, \Windows\UNRecode.exe, \Windows\vbaddin.ini, \Windows\win.ini, \Windows\WindowsUpdate.log, \Windows\winhelp.exe, \Windows\winhlp32.exe, \Windows\WMSysPr9.prx, \Windows\WORDPAD.INI, \Windows\_default.pif, dows├â┬©bs├é┬«+├âÔÇÜ