Re: EXE files in DLLCACHE and nowhere else? Security problem?

From: linda w (lindaw_tlinxorg@hotmail.com)
Date: 12/04/02


Date: Wed, 04 Dec 2002 13:59:29 -0800
From: linda w <lindaw_tlinxorg@hotmail.com>
To: "Drew Cooper [MS]" <dcoop@online.microsoft.com>

Took me a while to get back to this...had a response all cooked up, but
lost it on a new-program crash...very sad.

But I noted the below as fairly clever -- had to study it a while -- I wasn't
aware of all the little commands and options that have gotten added over time.
Last time I programmed in .BAT was mostly back in pre win3.1 and some in
win95-98 days.

However, if I understand your program, it only checks the windows directory
to see if there are files in the dllcache dir that are not in the windows
directory, whereas my script checked (for better or worse) the entire system
to see if the files in the .dllcache were anywhere in the system.

I'm not super familiar with the SFP mechanism -- does it only protect files
under %windir% (C:/windows on my system)? Might the dll cache include files
from elsewhere on the system that have been somehow deemed as 'protectable?'

Your script comes up with 59 'not founds' in 71 seconds for the windir, whereas
mine comes up with only 45 not founds in 54 seconds when scoping out the entire
system. Modifying your script to use c:\ instead of windir takes 408 seconds,
but I admit it is an unfair comparison -- 'locate' uses a pre-built (nightly)
database that is a simple list of all the files on your system. Perhaps if
you could start/stop the indexing service on a nightly basis you could have
it generate a similar list.

But that's neither here nor there...you raise an interesting point in
your next email -- programs that uninstalled themselves didn't clean up
the dllcache. I wasn't aware programs were supposed to clean out copies
of themselves in the dll cache. The programs left over in my cache
were files from the IIS and such, for example -- does that mean the uninstall
routines for those programs should have a bug filed against them to fix
this problem?

Just a guess, but I would suppose *any* file in DLL cache not elsewhere is
leftover garbage -- not just .EXE's?

And so which is it? What directories or files can dll-prefetch/mirror?
Just those under Windows?

Thanks!
-linda

Drew Cooper [MS] wrote:
> Windows batch scripting can do it too, just for kicks, here's mine:
>
> pushd %windir% && for /f "usebackq tokens=*" %i in (`dir /b %windir%\system32\dllcache\*.exe`) do @dir /s /b %i |(findstr /iv dllcache >NUL || echo %i)
>
>
> :-)
>
> --
> Drew Cooper [MS]
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
> "linda w" <lindaw_tlinxorg@hotmail.com> wrote in message
> news:3DE3CC94.5040803@hotmail.com...
>
>>>I concocted a 1 liner* that displayed all the exe's in dllcache that
>>
>>---
>>forgot to include:
>>*- /c/windows/system32/dllcache> for i in `ls /c/Windows/system32/dllcache/*.exe | tr "\n" " "`; do f=`basename "$i"` ; count=`locate "$f"|wc -l` ;if [ $count -le 1 ]; then echo $f; fi; done
>>
>>Ya gotta love Gnu/Bash scripting...:-)
>>-l
>>
>>
>
>
>
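The check the two one-liners above perform (which executables in dllcache have no copy anywhere else under a chosen root), written out as an added example that is not code posted by either participant. It walks the tree once and builds a name index, which is the role the nightly `locate` database plays in linda's version, so the scope is a parameter: pass `%windir%` for Drew's behaviour or the drive root for linda's. It also goes one step beyond the thread: where a copy does exist, it compares the SHA-256 of the cached file with the live copy, since a dllcache entry that no longer matches its counterpart is the case an SFP backup store is there to catch. The directory layout in `build_demo_tree()` is constructed for the demo; on a real system the cache and root paths would be `C:\Windows\system32\dllcache` and `C:\Windows` (or `C:\`).

```python
"""List dllcache files with no copy elsewhere under a root, and flag copies
whose content differs from the cached one.

Added example for this thread, not the participants' code. Real-system
paths (assumption, not exercised here):
    cache_dir = r"C:\\Windows\\system32\\dllcache"
    root      = r"C:\\Windows"   # or r"C:\\" for a whole-drive scope
"""
import hashlib
import os
import tempfile
from collections import defaultdict


def sha256_of(path):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def index_tree(root, exclude_dir):
    """Map lower-cased file name -> list of paths found under root.

    One walk replaces the per-file `dir /s` or `locate` calls in the thread.
    The cache directory itself is skipped, otherwise every entry would count
    as its own copy (the `findstr /iv dllcache` step in Drew's batch line).
    """
    exclude = os.path.normcase(os.path.abspath(exclude_dir))
    index = defaultdict(list)
    for dirpath, dirnames, filenames in os.walk(root):
        here = os.path.normcase(os.path.abspath(dirpath))
        if here == exclude or here.startswith(exclude + os.sep):
            dirnames[:] = []          # do not descend into the cache
            continue
        for name in filenames:
            index[name.lower()].append(os.path.join(dirpath, name))
    return index


def audit_dllcache(cache_dir, root, suffixes=(".exe",)):
    """Return (orphans, mismatches).

    orphans    : cache entries with no same-named file under root
    mismatches : (name, path) pairs where a copy exists but its SHA-256
                 differs from the cached file
    suffixes=None checks every file in the cache, not just executables.
    """
    index = index_tree(root, cache_dir)
    orphans, mismatches = [], []
    for name in sorted(os.listdir(cache_dir)):
        if suffixes and not name.lower().endswith(suffixes):
            continue
        cached = os.path.join(cache_dir, name)
        if not os.path.isfile(cached):
            continue
        copies = index.get(name.lower(), [])
        if not copies:
            orphans.append(name)
            continue
        cache_hash = sha256_of(cached)
        for path in copies:
            if sha256_of(path) != cache_hash:
                mismatches.append((name, path))
    return orphans, mismatches


def build_demo_tree():
    """Constructed sample layout in a temp dir (not a real Windows install)."""
    top = tempfile.mkdtemp()
    windir = os.path.join(top, "windows")
    cache = os.path.join(windir, "system32", "dllcache")
    os.makedirs(cache)
    os.makedirs(os.path.join(top, "prog"))
    files = {
        os.path.join(cache, "calc.exe"): b"calc-v1",
        os.path.join(windir, "system32", "calc.exe"): b"calc-v1",  # intact copy
        os.path.join(cache, "notepad.exe"): b"notepad-v1",
        os.path.join(windir, "notepad.exe"): b"notepad-changed",  # differs
        os.path.join(cache, "tool.exe"): b"tool",
        os.path.join(top, "prog", "tool.exe"): b"tool",  # copy outside windir
        os.path.join(cache, "orphan.exe"): b"gone",  # uninstall left it behind
        os.path.join(cache, "readme.txt"): b"text",  # skipped by the .exe filter
    }
    for path, data in files.items():
        with open(path, "wb") as f:
            f.write(data)
    return cache, windir, top


if __name__ == "__main__":
    cache, windir, top = build_demo_tree()
    print("scope = %windir%:", audit_dllcache(cache, windir))
    print("scope = whole tree:", audit_dllcache(cache, top))
```

With the constructed tree, the `%windir%` scope reports `tool.exe` as an orphan because its only other copy lives outside the Windows directory, while the whole-tree scope does not; `notepad.exe` is reported as a mismatch in both runs. That is exactly the difference between the two scripts in the thread, and the reason the two counts quoted above (59 vs 45) need not agree.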


