Robert Thurlow wrote:
> Mike Oliver wrote:
>
>> Is it true that any old user can create symlinks whose content will be
>> interpreted as a reparse point? If so, what protections are in place to
>> prevent arbitrary content in such a user-created symlink from tricking
>> the system into doing something bad? Presumably the protection would be
>> implemented in 'reparsed' or its plug-ins, which aren't described in
>> this case, but perhaps you can comment on the general approach that will
>> be used to defend against abuse of the service data in the symlink
>> content.
>
> If you can write to the filesystem, you can create a symlink
> to point to your own secret stash of trojan-enables binaries
> via /net. In what way is this different?
I'd worry about subverting other aspects of the reparse system. For
example, subverting bugs in the parser itself.
-- Garrett
>
> Rob T
