mikael.olssonENTERNET.SE

• Next message: Kris Kennaway: "Re: xterm log file vulnerability"
• Previous message: Brett Lymn: "Re: [ Hackerslab bug_paper ] Linux dump buffer overflow"
• In reply to: Peter Gutmann: "Re: Disk (over)quota in Windows 2000"
• Next in thread: Sarkos Georgios: "Re: Disk (over)quota in Windows 2000"
• Reply: Mikael Olsson: "Re: Disk (over)quota in Windows 2000"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Peter Gutmann wrote:
>
> Dave Tarbatt - ACS <D.A.TarbattBOLTON.AC.UK> writes:
>
> >I've been looking into disk quotas under Windows 2000 and have uncovered a
> >few anomalies. On top of a few peculiarities there appears to be a bug which
> >allows a user to exceed their disk quota by as much as they wish.
>
> Isn't this just a cluster-size filling issue? It looks like accounting is
> being done on a bytes-used basis but files are managed on a per-cluster basis,
> so it's possible to extend files out to fill the cluster without coming into
> conflict with the quota system.

Not "just" a cluster-size filling issue. The idea of quotas is preventing
people from using all available hard disk space, as that is a VERY effective
DoS. This bug means that W2K basically does not have any quotas, since it does
not provide that protection.

--
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46 (0)660 105 50           Fax: +46 (0)660 122 50
Mobile: +46 (0)70 248 00 33
WWW: http://www.enternet.se        E-mail: mikael.olssonenternet.se

• Next message: Kris Kennaway: "Re: xterm log file vulnerability"
• Previous message: Brett Lymn: "Re: [ Hackerslab bug_paper ] Linux dump buffer overflow"
• In reply to: Peter Gutmann: "Re: Disk (over)quota in Windows 2000"
• Next in thread: Sarkos Georgios: "Re: Disk (over)quota in Windows 2000"
• Reply: Mikael Olsson: "Re: Disk (over)quota in Windows 2000"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]