Re: disk:// and help:// security problems
Re: disk:// and help:// security problems
- Subject: Re: disk:// and help:// security problems
- From: Michael Rothwell <email@hidden>
- Date: Mon, 17 May 2004 18:58:03 -0400
Upon further reflection, I think that #2 below won't bypass the whole
problem, as any browser that respects system settings for protocol
handlers can be (mis)used in this manner. It's really a problem with
help:// and disk:// rather than, specifically, safari.
Michael Rothwell
email@hidden
On May 17, 2004, at 3:50 PM, Michael Rothwell wrote:
Safari, when accessing disk:// and help:// URLs, presents an enormous
potential security risk -- automated execution of arbitrary code from an
external source.
I suggest:
1) Apple's Safari developers remove this kind of conveninent (?) but
boneheaded feature
2) Use FireFox, Mozilla, Opera, etc. until (1) is accomplished
There's something to be said for browsers that don't tie themselves too
intimately to the host OS.
-----
F-D post:
http://lists.netsys.com/pipermail/full-disclosure/2004-May/021582.html
Forum discussion:
http://forums.macnn.com/showthread.php?
s=&threadid=213043&perpage=50&pagenumber=1
-----
(excerpts from forums discussions below).
Disk images are mountable via the disk: protocol and automatic
forwarding
to disk: and help: can be done with meta refresh tags.
With an URL of the type help:runscript=... HelpViewer can then be used
to
execute any script. This can be done with a refresh meta tag to such an
URL. The script can then execute arbitrary code.
Summary:
Deleting or modifying the OpnApp.scpt doesn't protect from this
vulnerability
Deleting the MacHelp.help doesn't protect from this vulnerability
Deleting the help protocol with MisFox doesn't protect from this
vulnerability
Changing the help protocol to something else than Help Viewer (I use
Chess) seems to help
I suggest you download MisFox and change the application for the help
protocol from Help Viewer to something else.
Get MisFox here:
http://www.clauss-net.de/misfox/misfox.html
and click the Protocol Helpers tab.
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.