Unsafe SSH URLs? (Was Re: [ANN] RendezCon v0.1 - Rendezvous and Controller Sample Code and Application)
Unsafe SSH URLs? (Was Re: [ANN] RendezCon v0.1 - Rendezvous and Controller Sample Code and Application)
- Subject: Unsafe SSH URLs? (Was Re: [ANN] RendezCon v0.1 - Rendezvous and Controller Sample Code and Application)
- From: René Puls <email@hidden>
- Date: Tue, 25 Nov 2003 10:11:43 +0100
Hi,
Am 24.11.2003 um 19:56 schrieb Dominik Wagner:
RendezCon is a low level Rendezvous browser with 3 intentions:
1) do Rendezvous browsing right (multihoming, resolving, etc.)
2) use the Controller Layer
3) provide this as complete and really good sample code for others
[...]
- If you doubleclick the resolved addressses in the detail view you
get a simple <service type>://<address:port>/ url opened. In case of
ssh terminal sends the :22 as bash command. doh.
This sounds to me like a security problem in the URL handling code of
Mac OS X.
You can type any URL like "ssh://servername:12345/" into Safari and it
will cause a Terminal window to open and execute "12345" on the
specified server. It doesn't seem to work when there are letters in the
"12345" part, but still...
Radar #3494007. :-)
Kind regards,
Rene Puls
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.