File name confusion attacks, such as malicious symbolic links and file squatting, have long been studied as sources of security vulnerabilities. However, a recently emerged type, i.e., case-sensitivity-induced name collisions, has not been scrutinized. These collisions are introduced by differences in name resolution under case-sensitive and case-insensitive file systems or directories. A prominent example is the recent Git vulnerability (CVE-2021-21300) which can lead to code execution on a victim client when it clones a maliciously crafted repository onto a case-insensitive file system. With trends including ext4 adding support for per-directory case-insensitivity and the broad deployment of the Windows Subsystem for Linux, the prerequisites for such vulnerabilities are increasingly likely to exist even in a single system. In this paper, we make a first effort to investigate how and where the lack of any uniform approach to handling name collisions leads to a diffusion of responsibility and resultant vulnerabilities. Interestingly, we demonstrate the existence of a range of novel security challenges arising from name collisions and their inconsistent handling by low-level utilities and applications. Specifically, our experiments show that utilities handle many name collision scenarios unsafely, leaving the responsibility to applications whose developers are unfortunately not yet aware of the threats. We examine three case studies as a first step towards systematically understanding the emerging type of name collision vulnerability.
翻译:长期以来,一直对恶意象征性链接和文件占用等文件名称混淆攻击进行了研究,将其作为安全脆弱性的来源。然而,最近出现的一种类型,即案件敏感度引发的名字碰撞,还没有经过仔细研究。在案件敏感和案件不敏感的文件系统或目录下,这些碰撞是由名称解决办法的差异引起的。一个突出的例子就是最近Git 脆弱性(CVE-2021-21-300),当受害者客户将恶意设计的存储库克隆到案件不敏感文件系统时,这可能导致其被强制执行编码。趋势包括:Text4增加对每个指令性案件敏感度的支持,以及广泛部署Linux视窗子子系统,因此,这种脆弱性的先决条件甚至在单一系统中也越来越可能存在。在本文件中,我们首先努力调查处理名称碰撞缺乏统一处理方法导致责任和后果脆弱性的传播。有趣的是,存在一系列新的安全挑战,因为名称碰撞及其由低水平的公用事业和应用程序处理不一致。具体地说,我们的实验表明,即使在单一系统系统中,这种脆弱性的先决条件也越来越可能存在。在本文件中,我们首先研究如何以安全的方式处理许多类型碰撞威胁的模型。