mklink /j inetpub c:\tmp\crassus.exe
Junction created for inetpub <===> c:\tmp\crassus.exe

Download link

https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/315/468/118/374/963/original/117737951bd66c59.png

Notices where this attachment appears

  1. Will Dormann (wdormann@infosec.exchange)'s status on Friday, 11-Apr-2025 05:29:26 JST

    @GossiTheDog
    Ah, you'd think that you couldn't.
    But indeed you can!
    That is, a non-admin user can create a "directory" junction to a file target, which will have the result of April's security updates failing to install. 😂

    It seems that this weird concept of a junction to a file achieves an unexpected double-standard:

    1. It counts as a directory when it comes to NTFS ACLs (a non-admin user can create a junction in C:\)
    2. Depending on how the junction is accessed, it might count as a file as opposed to being treated as a directory.

    This seems like a problem. Obviously in the case of April's updates here. But perhaps even more generically in that a junction to a file target seems to almost guarantee unexpected behavior.

    In conversation about a month ago from gnusocial.jp permalink
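
A defender-side check for the condition described in the post above, as an added example that is not part of the original post: it lists junctions directly under a directory whose target is a file rather than a directory. The function name `Find-FileTargetJunction` and the default path are assumptions; the script relies on the `LinkType` and `Target` properties that PowerShell 5.0 and later expose on file-system items.

```powershell
# Added example (not from the original post): report junctions whose
# target is a file instead of a directory.
# Find-FileTargetJunction is a hypothetical helper name.
function Find-FileTargetJunction {
    [CmdletBinding()]
    param(
        # Directory to inspect; the post's example junction sits in the drive root.
        [string]$Path = 'C:\'
    )

    # -Force includes hidden/system entries; -Attributes narrows to reparse points.
    Get-ChildItem -LiteralPath $Path -Force -Attributes ReparsePoint -ErrorAction SilentlyContinue |
        Where-Object { $_.LinkType -eq 'Junction' } |
        ForEach-Object {
            $link = $_
            foreach ($target in @($link.Target)) {
                if ([string]::IsNullOrEmpty($target)) { continue }
                # File.Exists is true only for an existing file, never for a directory.
                if ([System.IO.File]::Exists($target)) {
                    [pscustomobject]@{
                        Junction        = $link.FullName
                        Target          = $target
                        CreationTimeUtc = $link.CreationTimeUtc
                    }
                }
            }
        }
}

# Check the drive root, where a non-admin user can create a junction.
Find-FileTargetJunction -Path 'C:\' | Format-Table -AutoSize
```

No output means no junction directly under the given path points at a file.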