Slashdot Mirror
In a Throwback To the '90s, NTFS Bug Lets Anyone Hang Or Crash Windows 7, 8.1 (arstechnica.com)
Windows 7 and 8.1 (and also Windows Vista) have a bug that is reminiscent of Windows 98 age, when a certain specially crafted filename could make the operating system crash (think of file:///c:/con/con). From an ArsTechnica report: The new bug, which fortunately doesn't appear to afflict Windows 10, uses another special filename. This time around, the special filename of choice is $MFT. $MFT is the name given to one of the special metadata files that are used by Windows' NTFS filesystem. The file exists in the root directory of each NTFS volume, but the NTFS driver handles it in special ways, and it's hidden from view and inaccessible to most software. Attempts to open the file are normally blocked, but in a move reminiscent of the Windows 9x flaw, if the filename is used as if it were a directory name -- for example, trying to open the file c:\$MFT\123 -- then the NTFS driver takes out a lock on the file and never releases it. Every subsequent operation sits around waiting for the lock to be released. Forever. This blocks any and all other attempts to access the file system, and so every program will start to hang, rendering the machine unusable until it is rebooted.
I just opened c:\$MFT\123 on my system and nothing bad happ
As I use Windows 10 I doBUY XBOX ONE! ON SALE TODAY ONLY!n't have such problems.
#DeleteFacebook
Just think of all the fun someone could have on a thousand+ user application server -_____- Hopefully Microsoft will actually patch this, instead of continuing the trend of shitting on Win7/8 users in an effort to encourage them to move to 10.
There is no XUL, only WebExtensions...
According to redmond it still is the nineties. This thing's always been there.
My favorite WinXP crash bug was the crash that happen every 45 days of continuous uptime.
True enterprise level bugs
I just get "The directory name is invalid."
Me: hey can I get in the bank vault?
Bank: no.
Me: what about this box inside the vault?
Bank: oh that? Hey sure. Here's the only key. Also we're locking you in. Forever.
In the 30 years that I've been an occasional sw developer, the most frustrating coding error I see is assumptions. Just last night I was looking at a website which is critical of systemd, and points out all the places where Poettering makes assumptions about something that is supposed to happen, or should be in place, and moves forward with the code.
Buffer overflows account for so many breaches. Why would anyone make an assumption about the sizeof a network packet, or any variable, and force copy it into a structure of specific size? How hard is it to only copy up to the size of the buffer? Better yet, check the packet size first and flag a meaningful error if the packet is too big, or create a buffer big enough, but checking if the packet is malformed, bigger than spec, etc. I wish I could understand how this kind of stupidity is making it into production and being shipped out.
Saw the article and spun up a test VM with Win 7.
Exploit/bug/crash/vulnerability works as advertised. Scary. An easy way to bring down an entire operating system with a bat file and a little startup/service knowledge.
Another consultant who stuck it out.
"We are the Priests, of the Temples of Syrinx..."
Just SSH in, kill X and reload your kernel modules. It's not elitist at all to assume that every user knows this trick.
There is no XUL, only WebExtensions...
I tested this... who wouldn't .
It seems to be harmless when not logged in as an Administrator.
The second I run copy C:\$MFT\123 C:\Users\blah
as Administrator however, filesystem access freezes.
So yeah..... don't run programs as Admin that use random user-specified filenames and you should be fine?
Do any real unix filesystems have magic filenames? I know unlinked files will be dumped in lost+found by convention, but it's just a directory. HFS+ didn't grow up on unix, so all of its magic files don't really count (NeXT used UFS, right?)
All I can think of is mount/.zfs on ZFS, but it's built to handle traversal - any others? Any kernel code that relies on structures that can be impacted from userspace is a potential problem, so if there are some we should watch out for them and double-check that code.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
No timeout, full stop.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Hans Riser makes sure of it, unlike Bill Gates.
Make software great again!
Riser & Mcafee 2021: the bath salts must flow!
It should have been the $MSFT.
Pfft. I don't need an NTFS bug for that, it happens on its own.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
$ c:\$MFT\123
c:$MFT123: command not found
$
Will $CURRENT_YEAR be the year of the Linux Desktop?
Just for funsies I loaded up my Windows NT 3.51 VM I have around for no good reason and tried it, and it immediately hard-locked. Must be a very old bug.
So for some reason no one mentioned that this bug also affects Server 2008 and 2008 R2. Even though most IT people would know that those are more or less identical OSs to Windows 7 and 8 respectively, it still should be listed.
Just opened C:\$MFT\123 from notepad and then BSOD =).
I can confirm that this bug seems to also affect Server 2012 R2, just not through explorer (try the run dialog).
UNIX hides files, but not from the admin, and it's not the file browser's place to forbid anyone to see a file. But it's "easier" and "simpler" to have the computer tell the owner only the selected parts, leaving hidden files with odd meaning and weird content known only to hackers and MS themselves a loophole that freight convoys can drive through.
And it's lazy programming to have such files meaning something to the filesystem. Design the filesystem to hold its content and there should be no need to have magic files. Half-ass the design and you need them to allow bugfixes that don't change the "filesystem".
This just gives me a warm fuzzy blast from the past. And present. An maybe future of my Windows install. But I don't really worry, I only use my Windows box for runny Adobe stuff.
If you want news from today, you have to come back tomorrow.
If you want to try it out here is one easy way (Windows 7 or 8 only)
Create a HTML file called test.html and copy and paste this text as source
Then Launch it using IE, once you lauch it you will not be able to open any NEW applications, you an also embed this code into an HTML email and basically kill outlook.
Yes!
The more bugs in the original release, the merrier!
Really?
(T)he (O)ld (M)an
Dropped to cmdline in Win7 and did dir $MFT, stuff that runs from cache still worked but anything requiring disk locked up hard. Had to reboot. Sad. Thanks Obama!
-- Each tock of the Planck clock is a new world and here we are still life. --
Microsoft has a long list of bad bugs. I seem to remember reporting of a variant of this during the NT4 beta at a major computer manufacturer. Never got fixed. In fact I submitted over a hundred issues before I realized they weren't really interested in fixing bugs at all and stopped. Whenever M$ wants to bump the conversion to Win-10 numbers, they will just workaround one of these in 10 and release it to one of their tame "journalists". Who will play it up for free and serve M$ purpose.
Was the most stupid and biggest act of heresy Microsoft ever did!
X and/or whatever desktop I'm running crashes anyway: it's about as stable as Windows ME. Windows 10 never crashes now.
I've also had WebGL lock the GPU; last message printed to the screen is something like "GPU lock up" and then the screen goes to some colorful pattern. I have not yet managed to recover from that state without power cycling (nvidia / nouveau).
I tried everything on my XP using admin account and created a file by
echo >> foobar c:\$MFT\foofile
But "The system cannot find the path specified" is returned.
Try this on a terminal services server with many users logged in. Well yep the server needs restarting.