Tuesday, April 19, 2011

About Case sensitivity & security for SUA Programs

When installing Utilities and SDK for Subsystem for UNIX-based Applications, you might want to choose whether to change the default behavior of object names such as file names to being case sensitive. The choice you make will affect system security as well as how Subsystem for UNIX-based Applications functions.
In Windows, the names of most objects (such as files and directories) are case preserving, but case insensitive. That means you can use uppercase and lowercase characters when naming such objects, but Windows does not distinguish between names based on case alone. For example, you cannot have two files in the same directory named sample.txt and Sample.txt because Windows regards the names to be identical for the purposes of identifying files. The UNIX operating system, on the other hand, is fully case sensitive, and so UNIX computers distinguish between object names when the only difference between those names is the case of characters used in the object names. On most UNIX computers, therefore, sample.txt and Sample.txt could appear in the same directory, and the UNIX computer would distinguish between them when performing operations on the files. For example, the command rm S*.txt would delete Sample.txt but not sample.txt.
In order to implement typical UNIX behavior, the SUA subsystem is normally case sensitive when working with file names. This can present security issues, particularly for Windows users who are accustomed to the case-insensitive conventions of Windows. For example, a Trojan horse version of edit.exe named EDIT.EXE could be stored in the same directory as edit.exe. If a user were to type edit at a Windows command prompt, the Trojan horse version (EDIT.EXE) could be executed instead of the standard version. If case sensitivity is enabled, Windows users should be made aware of this possibility.
In Windows Server 2003, the default behavior of subsystems other than the Win32 subsystem is to be case preserving but case insensitive; in previous versions of Windows, such subsystems were fully case sensitive by default. In order to support standard UNIX behavior, you have to do the following to enable Case sensitivity.
Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
To enable Case-Sensitivity:
    click Start -> Run. type regedit.
    traverse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel
    Double Click on obcaseinsensitive -> Set the value to 0.
To disable Case-Sensitivity:
    click Start -> Run. type regedit.
    traverse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel
    Double Click on obcaseinsensitive -> Set the value to 1.
 Notes:
  •     you need administrator privileges to do this.
  •     You will have to restart the machine for this setting to take effect.

No comments:

HTMLCode

HTMLCode Content