Re: disk:// and help:// security problems
Re: disk:// and help:// security problems
- Subject: Re: disk:// and help:// security problems
- From: Eric Shore Baur <email@hidden>
- Date: Tue, 18 May 2004 15:10:59 -0700 (PDT)
This can probably still be defeated. Just have the disk image
mount and then, instead of having the help:// URL load, load an http:// or
file:// URL off the disk image - and *that* has the help:// URL.
Sounds a little convoluted, but all of this can still be automated
and happen fairly quickly.
Really, the help viewer (and any other app that looks at
unverified data) should be running either sandboxed code or no code at
all.
Eric
On Tue, 18 May 2004, Jonathan Wight wrote:
>
So the obvious solution is for Apple to modify WebKit to prevent
>
passing of URIs with certain schemes to LaunchServices if the source of
>
the URI isn't the local machine.
>
>
The trouble with that method is that we only know about two URI schemes
>
that currently are dangerous. Wouldn't it be better to encode this
>
information in the URI scheme itself so that any future URI schemes can
>
be defined to be local only? One way would be replace the 'help' URI
>
scheme with 'x-local-help'. WebKit (or any other code that can
>
potentially open a URI from the outside world) would check the URI
>
scheme name and refuse to load 'x-local-*' URIs that aren't from the
>
local machine?
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.