One problem is that any user who logs in locally needs read/write access to
the root directory of the system drive to be able to create a swap file.
Therefore, those users would also probably have read/write access to any
other files in that directory.
Another problem is that root directories of other partitions by default
allow everyone full control, so files placed there would be vulnerable
unless someone specifically changed those permissions.
And finally, it is nice having all a progam's files in one directory to make
it easier to control permissions to that program's files. It would be too
easy to overlook a file stored somewhere else.
Mark Burnett
http://xato.net
"Tony Gravagno" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>I just found yet another application that stores configuration data in
> the C:\ root path. I don't know if they hardcoded "C:" for their
> installation or if they were smart enough to at least use the same
> partition where the app was being stored.
>
> Some people have a fit over such things. Instinctively it seems that
> it would be a security issue to put an app file like a .log or an .xml
> or .ini config file in a root directory, but I can't find any
> documentation to support the belief. There's no doubt this is sloppy
> coding but it's hard to ask a vendor to move their files based on a
> sense of elegance.
>
> Can someone point me to some info about why putting app files in the
> partition root is bad? Even some blog or discussion on the topic?
>
> Thanks.
Similar Threads
