Re: disk:// and help:// security problems
- Subject: Re: disk:// and help:// security problems
- From: Charles Srstka <email@hidden>
- Date: Sun, 23 May 2004 13:16:25 -0500
On May 23, 2004, at 7:45 AM, Izidor Jerebic wrote:
> Well, the above is not all...
> The URI schemes mixed with LaunchServices is *extremely* dangerous.
> See:
> <http://daringfireball.net/2004/05/unsafe_uri_handlers>
> and especially
> <http://www.unsanity.com/haxies/pa/whitepaper>
Not only that, it's also possible to create an app with a creator code
of 'GFTM' and set it up to recognize the tn3270: protocol. Since the
default settings already specify an app with creator code 'GFTM' as the
helper app for tn3270:, this exploit could conceivably still work even
if Apple fixed the problem of LaunchServices automatically registering
protocols for helper apps.
Charles
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.
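Added example, not part of the original message or of any Apple code: a small audit sketch for the binding described in the reply above, where a URL scheme's helper is named only by a four-character creator code. The tn3270/GFTM pair comes from the message; every other scheme, code and path, the trusted-directory list and the function names are constructed assumptions.

```python
import posixpath
from dataclasses import dataclass

# Assumption: locations this audit treats as vendor- or admin-controlled.
TRUSTED_ROOTS = ("/Applications", "/System/Library")

@dataclass(frozen=True)
class App:
    path: str     # where the application bundle lives
    creator: str  # four-character creator code the bundle declares

def is_trusted(path):
    """True if the normalized path sits under one of TRUSTED_ROOTS."""
    norm = posixpath.normpath(path)
    return any(norm == r or norm.startswith(r + "/") for r in TRUSTED_ROOTS)

def audit_helpers(helpers, apps):
    """Flag scheme-to-creator-code bindings that do not pin one trusted app.

    dangling:           no known app declares the code, so the first bundle
                        that does declare it becomes the helper
    untrusted-claimant: a bundle outside TRUSTED_ROOTS declares the code
    ambiguous:          several trusted bundles declare the same code
    """
    findings = {}
    for scheme, creator in sorted(helpers.items()):
        claimants = [a for a in apps if a.creator == creator]
        untrusted = [a.path for a in claimants if not is_trusted(a.path)]
        if not claimants:
            findings[scheme] = ("dangling", [])
        elif untrusted:
            findings[scheme] = ("untrusted-claimant", untrusted)
        elif len(claimants) > 1:
            findings[scheme] = ("ambiguous", [a.path for a in claimants])
    return findings

# Constructed inventory; only tn3270 -> GFTM is taken from the message.
HELPERS = {"tn3270": "GFTM", "example-a": "AAAA", "example-b": "BBBB"}
INSTALLED = [
    App("/Applications/ExampleA.app", "AAAA"),
    App("/Applications/ExampleB.app", "BBBB"),
    App("/Applications/Utilities/ExampleB Copy.app", "BBBB"),
]
# The same machine after a volume carrying a GFTM-coded bundle is mounted.
MOUNTED = INSTALLED + [App("/Volumes/Untitled/Helper.app", "GFTM")]

if __name__ == "__main__":
    for label, inv in (("installed only", INSTALLED), ("volume mounted", MOUNTED)):
        print(label, audit_helpers(HELPERS, inv))
```

A dangling entry is the case to clear first: removing the helper mapping, or pinning it to a specific installed application, closes the gap regardless of how handlers get registered.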