Bugtraq mailing list archives
RE: Linux, too, sot of (Windows MS-DOS Device Name DoS vulnerabilities)
From: "Cole, Timothy D." <timothy_d_cole () md northgrum com>
Date: Wed, 18 Jul 2001 14:23:43 -0400
-----Original Message-----
From: aland () striker ottawa on ca [SMTP:aland () striker ottawa on ca]
Sent: Wednesday, July 18, 2001 12:10
To: bugtraq () securityfocus com
Subject: Re: Linux, too, sot of (Windows MS-DOS Device Name DoS vulnerabilities)

> Ishikawa <ishikawa () yk rim or jp> wrote:
> > due to the problems mentioned, we should not forget that a famous browser client on Linux is similarly guilty. I tried the following URLs with my netscape browser under Linux.
> > file:///dev/null
> > ...
> > file:///dev/zero
> > ...
> > file:///dev/pty0
>
> A 'stat' of all of these files shows that they are not regular files. There's no reason, then, to open them in the browser.
>
> > If someone wants to be nasty, he/she can create a web page with URLs inside <IMG SRC="these device files" ....> listing DOS devices as well as these popular UNIX devices.
>
> I question the wisdom of browsers which allow external web pages to reference local files via 'file://' URLs.

I agree; that's really the underlying problem. Checking for special files is a band-aid fix that also limits flexibility. References to 'local' URLs (file: and otherwise) from 'non-local' documents should at least produce a confirmation dialog. Beyond that, configurable policy facilities like those starting to show up in browsers for cookies etc. would be nice.

> > As someone mentioned, we can't predict what other device files may show up in the future by addition of new hardware drivers.
>
> We also cannot predict where special files exist, either. Placing the special file 'zero' in '/dev' is simply an administrative convention on many Unix systems. Device files can exist anywhere.

On some kernels (HURD, or Linux/*BSD with userfs), normal files can be equally "magic". As a general principle, regardless of platform, local paths may encompass more than just 'dumb' files, so following 'remote' references to them should be restricted.
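
An added example, not part of the original thread or of any browser's code: a C sketch of the two checks discussed above, with the policy decision (a non-local document referencing a local path requires confirmation) placed ahead of the regular-file check. The names `open_regular`, `check_local_ref` and the verdict values are hypothetical, and the URLs in `main` are constructed.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <strings.h>
#include <sys/stat.h>
#include <unistd.h>

/* All names below are hypothetical, chosen for this example. */
enum verdict { LOAD_ALLOW, LOAD_CONFIRM, LOAD_DENY };

/* Open path only if it is a regular file; returns a descriptor or -1.
 * O_NONBLOCK keeps open() from hanging on FIFOs and terminal devices;
 * fstat() on the descriptor avoids a race between stat() and open(). */
int open_regular(const char *path) {
    struct stat st;
    int fd = open(path, O_RDONLY | O_NONBLOCK | O_NOCTTY);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Policy first: a document that was not itself loaded via file: never
 * gets a local path opened without the user confirming. The type check
 * runs only for local documents, and cannot catch "magic" regular files. */
enum verdict check_local_ref(const char *doc_url, const char *path) {
    if (strncasecmp(doc_url, "file:", 5) != 0)
        return LOAD_CONFIRM;
    int fd = open_regular(path);
    if (fd < 0)
        return LOAD_DENY;
    close(fd);
    return LOAD_ALLOW;
}

int main(void) {
    const char *remote = "http://example.invalid/page.html"; /* constructed */
    const char *local = "file:///home/user/index.html";      /* constructed */
    printf("remote -> /dev/zero: %d\n", check_local_ref(remote, "/dev/zero"));
    printf("local  -> /dev/zero: %d\n", check_local_ref(local, "/dev/zero"));
    printf("local  -> /etc/passwd: %d\n", check_local_ref(local, "/etc/passwd"));
    return 0;
}
```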