Newsgroup: comp.risks


From: RISKS List Owner <risko@csl.sri.com>
Date: Wed, 5 Oct 2005 10:13:05 PDT
precedence: bulk
To: risks-resend@csl.sri.com
Message-ID: <CMM.0.90.4.1128532385.risko@chiron.csl.sri.com>
Cc:
Subject: [RISKS] Risks Digest 24.06
RISKS-LIST: Risks-Forum Digest  Wednesday 5 October 2005  Volume 24 : Issue 06

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/24.06.html>
The current issue can be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Google, Privacy, and Masochism (Lauren Weinstein)
Legal docs expose various risks in routine Diebold maintenance in NC
  (Joseph Lorenzo Hall)
Car and van collide (Kathy Uek via Monty Solomon)
Y2K glitches linger (George C. Kaplan)
Windows delete command can fail silently (Diomidis Spinellis)
Buffer overrun in television sets (Matt Roberds)
Why telephone "Caller ID" is actually now even worse than we expected
  (Lauren Weinstein)
Re: Mea culpa: How we got it wrong on CNID (Kelly Bert Manning)
Windows and USB devices (Mike Swaim)
Router worms and International Infrastructure (Gadi Evron)
D.C. Red-Light Cameras Fail to Reduce Accidents (Monty Solomon)
Re: Katrina victims required to use Microsoft IE (Michael Bacon)
Re: Kitten on the keys... (Andrew Koenig)
CCSA Fall Symposium Call for Participation 3 Nov 2005 (Michel Kabay)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------
[...]
------------------------------

Date: Mon, 03 Oct 2005 16:48:33 +0400
From: Diomidis Spinellis <dds@aueb.gr>
Subject: Windows delete command can fail silently

In the Windows XP command interpreter CMD.EXE (the default command line
shell) one can specify multiple arguments to the DEL(ete) command, in order
to delete multiple files.  If at least one of the files can be deleted, the
command will not complain about any nonexistent files specified as
arguments.  For example:

C:\> echo.>foo
C:\> del nonexistent foo
C:\> del nonexistent
Could Not Find C:\nonexistent

This behavior is non-orthogonal and risky.  If one mistypes the name of one
of several files that are to be deleted, that file will silently continue to
exist. The same will happen if one of the files has the hidden attribute
set: DEL will silently ignore it, rather than issue an error message.
Although one should not depend on a delete command to reliably obliterate
data, the current behavior can lead to difficult-to-locate bugs, especially
in scripts.

Further examination of the command reveals other instances of non-orthogonal
behavior.  When specifying multiple non-existent files as arguments, DEL
will complain only about the first one, but when specifying multiple files
with the read-only attribute set, DEL will complain about each one.  Also,
DEL never sets the ERRORLEVEL environment variable to indicate an error,
although other commands, like DIR, set it correctly.

The logic behind a correctly-operating implementation of DEL is trivial.

errorlevel = 0
foreach filename
	if not delete(filename) then
		display_error_message(filename)
		errorlevel = 1
	end if
end foreach
exit(errorlevel)

If a central and critical piece of the Windows operating system, such as the
command shell, can't get the above logic right, what are the chances of
having in the system a secure TCP/IP stack, web browser, or firewall?

Diomidis Spinellis - http://www.spinellis.gr
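
Added example, not part of the original post: a CMD wrapper that applies the per-file logic above from a script, handing DEL one name at a time and checking the result with IF EXIST instead of relying on DEL's ERRORLEVEL. The file name safedel.cmd, the labels and the message texts are assumptions made for this illustration.

```batch
@echo off
rem safedel.cmd (hypothetical name): delete each argument on its own and
rem verify the outcome with IF EXIST rather than DEL's ERRORLEVEL.
setlocal
set "rc=0"

:next
if "%~1"=="" goto done
if exist "%~1" goto try_delete
>&2 echo safedel: not found: "%~1"
set "rc=1"
goto advance

:try_delete
rem One name per DEL call, so a bad name cannot hide behind a good one.
del "%~1"
rem Post-condition: the name must be gone, whatever DEL printed.
if not exist "%~1" goto advance
>&2 echo safedel: still present after DEL: "%~1"
set "rc=1"

:advance
shift
goto next

:done
exit /b %rc%
```

From another script, run it as `call safedel.cmd a.tmp b.tmp` and test the result with `if errorlevel 1`.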

------------------------------

[...]

End of RISKS-FORUM Digest 24.06
************************





Creative Commons License Unless otherwise expressly stated, all original material on this page created by Diomidis Spinellis is licensed under a Creative Commons Attribution-Share Alike 3.0 Greece License.