techAdmin
Status: Site Admin Joined: 26 Sep 2003 Posts: 1034 Location: East Coast, West Coast? I know it's one of them.
A recent article points out one of the major security holes in all Windows products:

:: Quote ::
One cool thing about Windows is that although the path contains a space, it still runs the application fine, even if you don't place quotes around the entire command and even if you don't use the executable extension for iexplore.exe.

But how does Windows know where the program path ends and the program's command line parameters begin? How does it know that the user isn't trying to run a program named "C:\Program.exe" with the parameter "Files\Internet Explorer\iexplore?" The problem is that it doesn't know. It just starts at the beginning and tries finding an executable until it finds a match. So in this case, it will try these files every time you run the command:

C:\Program.exe
C:\Program Files\Internet.exe
C:\Program Files\Internet Explorer\iexplore.exe

You might see where I'm going with this: if you place an executable named program.exe in the root directory, it will probably end up running quite a bit. In fact, it will run anytime Windows launches a Program Files executable that does not have quotes around the path.

Unix type systems of course have not generally permitted such file paths. This is easy to see when you try running such a path in Linux: it will look for the executable before the space, and treat the stuff after as arguments. Again, this decision was made to make the process more 'user friendly'. And, as always, 'user friendly' = insecure. I'd always been aware that the way Windows treats spaces in paths was problematic, but this is the first article I've read that gives one of the main reasons in terms of system security why it's problematic.
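An added example, not part of the original post or the quoted article: a small audit helper that lists the paths Windows would try before reaching the intended executable, so an admin can confirm none of them exist and fix the entry by quoting it. The entry names and paths in SAMPLE are constructed, and treating the first prefix ending in .exe as the intended target is an assumption of this sketch.

```python
import ntpath  # Windows path rules, usable on any OS


def candidate_paths(command_line):
    """Paths tried in order for a command line, per the behaviour quoted above."""
    cmd = command_line.strip()
    if cmd.startswith('"'):
        # Quoted: the path ends at the closing quote, so there is one candidate.
        end = cmd.find('"', 1)
        return [cmd[1:end] if end != -1 else cmd[1:]]
    tokens = cmd.split(" ")
    found = []
    for i, token in enumerate(tokens, start=1):
        if not token:
            continue  # a run of spaces is not a new break point
        prefix = " ".join(tokens[:i])
        has_ext = "." in ntpath.basename(prefix)
        # Without an extension on the file name, ".exe" is appended.
        found.append(prefix if has_ext else prefix + ".exe")
        if has_ext and prefix.lower().endswith(".exe"):
            break  # assumption: first prefix naming an .exe is the target
    return found


def hijack_points(command_line):
    """Candidates tried before the intended executable; none should exist."""
    return candidate_paths(command_line)[:-1]


def audit(commands):
    """Map entry name -> early candidates, keeping only entries at risk."""
    report = {name: hijack_points(cmd) for name, cmd in commands.items()}
    return {name: points for name, points in report.items() if points}


# Constructed sample entries (hypothetical names and paths).
SAMPLE = {
    "ExampleUpdater": r"C:\Program Files\Example Vendor\Updater\update.exe /svc",
    "QuotedAgent": r'"C:\Program Files\Example Vendor\agent.exe" --run',
    "NoSpaces": r"C:\Windows\System32\svchost.exe -k netsvcs",
}

if __name__ == "__main__":
    for name, points in audit(SAMPLE).items():
        print(name, "-> check that these do not exist:", points)
```

Only the unquoted entry with spaces in its path is reported; the quoted entry and the space-free one each resolve to a single candidate.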
There was actually a time early in the UNIX years where it was possible to name a file with a space, or a - but impossible to refer to those files from the command line. Administrators would have to remove these files by their inode (number indicating where a file physically resided on the hard drive itself).

Allowing spaces in filenames is good for readability, and bad for everything else.
All times are GMT - 8 Hours
Hosting: Pair Networks: 0.044
Forum Software © 2001–2009 phpBB
techForum Style © 2003–2009 techpatterns.com
info