Bugtraq mailing list archives
Re: Goings on with Web clients
From: zblaxell () miranda uwaterloo ca (Zygo Blaxell)
Date: Wed, 9 Aug 1995 23:21:57 -0400
Quoted from System Administrator:
The following handy little piece shows a minor problem with netscape and most other browsers.. they aren't cautious about special files -eg <A href="file:/dev/mouse">Click here to break your mouse</A>
All the more reason to make sure that it's mode 600, owner root, and 'rm -f' svgalib and friends (for non-Linux types, svgalib is a graphics library that requires extended access privileges to directly manipulate video hardware on PCs. Advantages are avoidance of X overhead and the speed & freedom of direct frame-buffer access. Common svgalib- based programs also need access to remap the keyboard, take control of virtual console switching away from the in-kernel VT220 emulator, and lots of other features I remove from my kernel source code before compiling it).
and of course /dev/zero ... fortunately it seems on most systems netscape core dumps or is using mmap and thus maps forever(almost) then I would presume if you had the patience 8) dumps neatly.
/proc/kcore, kmesg and others are fun things to load into your browser as well, not to mention your own stdin... -- Zygo Blaxell, former sysadmin and current software/hardware guru for the University of Waterloo Computer Science Club; current sysadmin for miranda. uwaterloo.ca and ezmail.com. 10th place team, ACM Intl Finals Programming Contest 1994. Will administer Unix (esp. Linux, maybe Solaris) for food.
Current thread:
- local mail delivery der Mouse (Aug 03)
- Re: local mail delivery Neil Woods (Aug 03)
- Goings on with Web clients System Administrator (Aug 04)
- Re: Goings on with Web clients Zygo Blaxell (Aug 09)
- BUG (and exploit): RiscOS 5.01 rshd has FD leaks... Jeremy Fitzhardinge (Aug 11)