Re: disk:// and help:// security problems
- Subject: Re: disk:// and help:// security problems
- From: Jonathan Wight <email@hidden>
- Date: Tue, 18 May 2004 15:28:47 -0400
So the obvious solution is for Apple to modify WebKit to prevent
passing of URIs with certain schemes to LaunchServices if the source of
the URI isn't the local machine.
The trouble with that method is that we only know about two URI schemes
that currently are dangerous. Wouldn't it be better to encode this
information in the URI scheme itself so that any future URI schemes can
be defined to be local only? One way would be to replace the 'help' URI
scheme with 'x-local-help'. WebKit (or any other code that can
potentially open a URI from the outside world) would check the URI
scheme name and refuse to load 'x-local-*' URIs that aren't from the
local machine?
Jon.
On May 18, 2004, at 14:01, Robert Goldsmith wrote:
> http://bronosky.com/pub/AppleScript.htm
>
> Yes, I noticed this this morning and have advised everyone I know to
> use either the IE preferences or MisFox to change the Help helper to
> preview or Textedit (preview for those who don't want to see the script
> command passed). There are very few limitations in what even a script
> string passed in the url is capable of doing and, as pointed out, as
> this doesn't require a dmg or anything to be downloaded, turning off
> 'open safe files' has no effect. After all, the applescript could
> easily use curl to download anything it wants and run it from a known
> location...
>
> It is interesting to note that, according to talk on /. the problem is
> only in 10.3 - 10.2 seems to be 'immune' so this was caused by a recent
> braindead action on the part of an Apple developer rather than an old
> one you could blame on 'didn't know better' ... Of course, Apple
> removing the 'Helpers' preference pane in 10.3 didn't really help
> either, nor does the use of CM coding for the preference file holding
> all the settings :(
>
> It is also very reminiscent of the Windows Help bug that was capable of
> formatting your hard drive :(
>
> The most common form of attack on platforms with few email client bugs
> is via common protocols such as ssh, ftp, http/url coding etc. and
> anyone working with this type of tcp connection must really think hard
> of the knock-on consequences!
>
> Robert
> ---
> GnuPG public key:
> http://www.Far-Blue.co.uk/
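
The two checks discussed in the message above (a fixed list of known-dangerous schemes versus an 'x-local-*' naming convention), sketched as an added example that is not part of the original message and not WebKit or LaunchServices code. It assumes the embedder knows the URL of the document that contained the link and treats only `file:` documents as local; `x-local-newtool` is a hypothetical future scheme and all URIs are constructed.

```python
import re

# Schemes the thread names as dangerous when a remote page can trigger them.
KNOWN_DANGEROUS = {"disk", "help"}
# Naming convention proposed in the message: the scheme name marks it local-only.
LOCAL_ONLY_PREFIX = "x-local-"
# RFC 3986 scheme syntax: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) ":"
SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.-]*):")


def scheme_of(uri):
    """Return the lowercased scheme, or "" if none parses (schemes are case-insensitive)."""
    m = SCHEME_RE.match(uri.strip()) if uri else None
    return m.group(1).lower() if m else ""


def source_is_local(source_url):
    """Assumption: a document is local only if it was loaded from a file: URL.
    An unknown source (None) is treated as remote, so the check fails closed."""
    return scheme_of(source_url) == "file"


def allow_by_denylist(target, source_url):
    """First approach: refuse only the schemes already known to be dangerous."""
    scheme = scheme_of(target)
    if not scheme:
        return False  # no scheme, so there is nothing to hand to a handler
    return source_is_local(source_url) or scheme not in KNOWN_DANGEROUS


def allow_by_prefix(target, source_url):
    """Second approach: refuse every 'x-local-*' scheme from a non-local source."""
    scheme = scheme_of(target)
    if not scheme:
        return False
    return source_is_local(source_url) or not scheme.startswith(LOCAL_ONLY_PREFIX)


if __name__ == "__main__":
    remote = "http://example.com/page.html"           # constructed
    local = "file:///Users/me/Documents/index.html"   # constructed
    cases = [("help:topic=printing", remote), ("x-local-help:topic=printing", remote),
             ("X-LOCAL-HELP:topic=printing", remote), ("x-local-newtool:open", remote),
             ("x-local-help:topic=printing", local), ("mailto:someone@example.com", remote)]
    for target, source in cases:
        print(f"{target:34} from {scheme_of(source):5} "
              f"denylist={allow_by_denylist(target, source)} prefix={allow_by_prefix(target, source)}")
```

The `x-local-newtool` row is the case the message is about: the fixed list lets it through from a remote page because nobody has listed it yet, while the prefix rule refuses it on its name alone.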
_______________________________________________
cocoa-dev mailing list | email@hidden