220.127.116.11 8.3 Naming Conventions
Briefly, the term 8.3 naming convention harkens back to the days of old, when MS-DOS only permitted filenames of the form AAAAAAAA.BBB (that is, up to 8 characters, followed by a period, followed by up to 3 more).
Later, Microsoft introduced long file names, but kept in Windows the ability to refer to each file by a short, or 8.3, name. For example, you might see a folder called Program Files on a Windows system. Its 8.3 name is typically PROGRA~1. Windows knows how to translate from one name to the other, and will accept either name for that folder, when accessing it. Why? This is done to maintain compatibility with (the now nearly 10 years old) application programs which were written in the old 8.3 days, and only understand file names if theyre in the 8.3 format. The fact that some programs still truncate file names to fit this convention (particularly the suffix, the 3 characters), has occasionally been used by crackers to sneak by an access control rule, getting it to allow access to a file which should not be accessible by having the rule check for access to a file of one name (either the long or 8.3 name), and the actual access occur to the OTHER file, due to a bug in the programs code.
Additionally, Windows files are not limited to containing a single . followed by a three-letter extension. A filename like my.doc.exe is perfectly legal. And this gives rise to another type of security issue which we covered briefly when discussing email-related vulnerabilities. Some programs start at the beginning of a filename, look for a dot, then take the next three characters as its extension, or file type. Why is this not good from a security standpoint? What if your mail programs settings allow users to open files of type doc but not of type exe? Is a file named my.doc.exe going to be looked at as a .doc file or an .exe file, by the mail program, when checking to see if the user is allowed to open it? Or if the mail program is set to ask the user whether or not they want to open the file, with the email client ask the user if the file my.doc.exe, or just my.doc, should be opened? Generally, the only way to know for sure is to test it.
More than one Trojan horse has been distributed by not adhering to conventional naming, e.g., watchthisporn.jpg.exe etc.207 For instance, the infamous ILOVEYOU virus spread by claiming to contain an attachment whose name displayed in Outlook as LOVE-LETTER-FOR-YOU.txt.
In reality the attachment that millions of users opened was named LOVE-LETTER-FOR-YOU.txt.vbs, and when opened, it ran a script that propagated the virus. Its also made its way onto the Kazaa file-sharing service, disguised as everything from videos to other executables208.
The fact that data files can be known by multiple names, a full long name, and a shorter name modified to fit into the old 8.3 naming convention, can enable malicious users to through defenses which may have restricted access to a file under one of its names, but not the other209.
Home - Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.