Bugtraq mailing list archives
Mac/At Ease/Netscape File Access Exploit
From: nathan () SENATE ORG (Nathan Dorfman)
Date: Tue, 20 May 1997 18:10:15 -0400
Please don't flame me for posting Mac stuff to a UNIX list I see NT crap here all the time, and thought some admins may think twice before running At Ease (or before running Macs in the first place). SYNOPSIS: At Ease apparently doesn't patch the kernel to introduce file restrictions, but modifies a library that programs call to display an Open File dialog box. IMPACT: This bug allows a user to read files and directories he shouldn't have access to under the At Ease system. DESCRIPTION: Under At Ease, files and folders that you shouldn't have access to are grayed out in Open File dialogs. Using a program like Netscape you can bypass the dialog, using a URL such as: file://TZHS%20HD%202/Documents/Dorfman%20Nathan Note that the implementation of Netscape used automatically converted spaces to %20 combinations as required by HTTP 1.1 (RFC 2068): file://TZHS HD 2/Documents/Dorfman Nathan/ Will show the contents of that folder. For non-text files, you can simply save the file into a folder you DO have access to and use the appropriate program to open it. EXTRA NOTES: Netscape will not let you modify the folders but a simple program can be written that takes a filename in a text-box and opens the file from its location, without copying. If you can write Mac code, and are willing to, please send to nathan () senate org.
Current thread:
- Mac/At Ease/Netscape File Access Exploit Nathan Dorfman (May 20)
- Re: Mac/At Ease/Netscape File Access Exploit Dan Fleisher (May 20)
- Re: Mac/At Ease/Netscape File Access Exploit Paul Melson (May 21)
- Re: Mac/At Ease/Netscape File Access Exploit Dan Fleisher (May 20)