Re: disk:// and help:// security problems

  • Subject: Re: disk:// and help:// security problems
  • From: Michael Rothwell <email@hidden>
  • Date: Mon, 17 May 2004 18:58:03 -0400

Upon further reflection, I think that #2 below won't bypass the whole problem, as any browser that respects system settings for protocol handlers can be (mis)used in this manner. It's really a problem with help:// and disk:// rather than, specifically, Safari.

Michael Rothwell
email@hidden



On May 17, 2004, at 3:50 PM, Michael Rothwell wrote:

Safari, when accessing disk:// and help:// URLs, presents an enormous
potential security risk -- automated execution of arbitrary code from an
external source.

I suggest:

1) Apple's Safari developers remove this kind of convenient (?) but
boneheaded feature

2) Use FireFox, Mozilla, Opera, etc. until (1) is accomplished

There's something to be said for browsers that don't tie themselves too
intimately to the host OS.

-----

F-D post:
http://lists.netsys.com/pipermail/full-disclosure/2004-May/021582.html

Forum discussion:
http://forums.macnn.com/showthread.php?s=&threadid=213043&perpage=50&pagenumber=1

-----

(excerpts from forums discussions below).

Disk images are mountable via the disk: protocol and automatic forwarding
to disk: and help: can be done with meta refresh tags.

With an URL of the type help:runscript=... HelpViewer can then be used to
execute any script. This can be done with a refresh meta tag to such an
URL. The script can then execute arbitrary code.


Summary:

- Deleting or modifying the OpnApp.scpt doesn't protect from this
  vulnerability
- Deleting the MacHelp.help doesn't protect from this vulnerability
- Deleting the help protocol with MisFox doesn't protect from this
  vulnerability
- Changing the help protocol to something other than Help Viewer (I use
  Chess) seems to help

I suggest you download MisFox and change the application for the help
protocol from Help Viewer to something else.

Get MisFox here:

http://www.clauss-net.de/misfox/misfox.html

and click the Protocol Helpers tab.
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.
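
A defender-side check for the redirect described in the message above, added here as an example and not part of the original post: it lists every meta refresh target in a page whose URL scheme is not http(s), which covers the disk: and help: forwards the excerpt mentions. The function and class names, the allow-list and the sample HTML are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: a refresh may only stay on the web; any other scheme is reported.
ALLOWED_SCHEMES = {"", "http", "https"}

class MetaRefreshScanner(HTMLParser):
    """Collects the target of every <meta http-equiv="refresh"> tag."""

    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        if a.get("http-equiv", "").strip().lower() != "refresh":
            return
        # content is "<delay>; url=<target>"; the delay is not needed here
        _, _, rest = a.get("content", "").partition(";")
        m = re.match(r"\s*url\s*=\s*(.*)", rest, re.I | re.S)
        target = (m.group(1) if m else rest).strip().strip("'\"")
        if target:
            self.targets.append(target)

def flag_refresh_targets(html):
    """Return (scheme, target) for each refresh that leaves http(s)."""
    scanner = MetaRefreshScanner()
    scanner.feed(html)
    flagged = []
    for target in scanner.targets:
        scheme = urlsplit(target).scheme.lower()
        if scheme not in ALLOWED_SCHEMES:
            flagged.append((scheme, target))
    return flagged

# Constructed sample page: placeholder targets only, nothing real.
SAMPLE = """
<html><head>
<meta http-equiv="refresh" content="5">
<meta http-equiv="Refresh" content="0; URL=https://example.com/next.html">
<meta http-equiv="refresh" content="0;url=disk://example.invalid/placeholder.dmg">
<META HTTP-EQUIV="refresh" CONTENT="1; url='help:placeholder'">
</head></html>
"""

if __name__ == "__main__":
    for scheme, target in flag_refresh_targets(SAMPLE):
        print(f"non-web refresh target ({scheme}): {target}")
```

The same allow-list idea applies at a proxy or mail gateway: report or strip refresh targets by scheme rather than trying to enumerate every risky handler.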