Skip to content
This repository has been archived by the owner on Apr 26, 2021. It is now read-only.

File names with special characters are not going to execute on Windows #627

Open
chipitsine opened this issue Aug 25, 2015 · 3 comments
Open

File names with special characters are not going to execute on Windows #627

chipitsine opened this issue Aug 25, 2015 · 3 comments
Assignees
@botherder
Labels
Bug (confirmed)
Milestone
2.0

Comments

@chipitsine
Copy link

have a look:

https://malwr.com/analysis/MDlhZTQzMTg4Y2Q3NDNhNWE3OWMxODcwYjMxMDFkZjY/

filename "InvoiceFaker::Number.number(5)info_247694448826.exe" is valid for ext4, but is not valid for ntfs.

maybe some ntfs filename validation should be added or uuid filename instead of original ?
@jbremer
Copy link
Member

jbremer commented Aug 25, 2015

Indeed, colons are not allowed filenames on ntfs. But like, how is one supposed to run such a file on Windows anyway? If an attacker used that filename, it wouldn't run either.

@chipitsine
Copy link
Author

windows is not capable to store such files on ntfs. however it allows such files inside so called "zip" folders.

@botherder
Copy link
Member

Maybe that was a name that was given to the researcher that uploaded the file?
Either way, it's true, we should perhaps sanitize files in order to make them compliant to NTFS rules.

@botherder botherder changed the title generate random (uuid ?) filename on unpacking File names with special characters are not going to execute on Windows Aug 25, 2015
@botherder botherder added this to the 2.0 milestone Aug 25, 2015
@botherder botherder self-assigned this Aug 25, 2015
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@botherder botherder

Labels
Bug (confirmed)
Projects
None yet
Milestone
2.0
Development

No branches or pull requests
4 participants
@botherder @jbremer @chipitsine and others