Bugtraq mailing list archives
Re: URI handling as the harbinger of interaction errors
From: Florian Weimer <fw () deneb enyo de>
Date: Thu, 11 Oct 2007 18:49:04 +0200
* Steven M. Christey:
> Throughout this whole discussion on URI handling and IE, let's not forget that:
>
> 1) ANY technology that uses "handlers" that pass commands and arguments from one process to another, is likely to have these kinds of issues. Web browsers are just the first to get this kind of attention. All products that support plugins, whether web-based or not, should be examined for this type of problem.
Uh, the "first" part is not quite true. There was some discussion about mailcap entries, and whether you should use %s or '%s' at some time in the 90s.
> 2) Programs that were formerly assumed to be safe because they were only ever intended to be invoked by a single user, will now become unsafe if they're referenced in a handler. Think second-order symlink issues as one example, or buffer overflows in command-line arguments for non-setuid programs that are likely to be used in handlers (image converters, anyone?)
Again, we have been through this with *roff, Ghostscript (and its various front ends), DVI viewers and TeX itself, and many more (and the classic "unshar", of course). It's just another round on a different operating system. Image viewers are particularly interesting because even if your favorite and bug-ridden MIME types like image/gif are handled by a (supposedly patched) mail/web client, chances are that the image viewer recognizes a GIF image even if it is declared as image/x-xwindowdump, exposing its vulnerable GIF code.
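Added example, not part of the original message: a pre-dispatch check a mail or web client could run so that content whose leading bytes identify one image format is not handed to an external viewer under a different declared type (the image/x-xwindowdump case above). The function names, the signature table and the allow/block policy are assumptions made for this illustration.

```python
# Well-known leading-byte signatures for a few image formats.
# The table is deliberately small; a real deployment would cover
# every format its external viewers can decode.
SIGNATURES = [
    (b"GIF87a", "image/gif"),
    (b"GIF89a", "image/gif"),
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"\xff\xd8\xff", "image/jpeg"),
]
KNOWN_TYPES = {mime for _, mime in SIGNATURES}


def sniff(data: bytes):
    """Return the type implied by the leading bytes, or None if unrecognised."""
    for magic, mime in SIGNATURES:
        if data.startswith(magic):
            return mime
    return None


def normalise(declared: str) -> str:
    """Drop Content-Type parameters and case: 'Image/GIF; name=x' -> 'image/gif'."""
    return declared.split(";", 1)[0].strip().lower()


def check_attachment(declared: str, data: bytes):
    """Return (verdict, reason) for handing `data` to an external handler.

    Hypothetical policy for this example:
      - block when the bytes identify a known format that differs from the
        declared type (the viewer would sniff it and run that decoder anyway);
      - block when a known type is declared but its signature is absent;
      - otherwise allow.
    """
    declared = normalise(declared)
    actual = sniff(data)
    if actual is not None and actual != declared:
        return ("block", f"declared {declared} but content is {actual}")
    if actual is None and declared in KNOWN_TYPES:
        return ("block", f"declared {declared} but signature is missing")
    return ("allow", f"{declared} is consistent with the content")


if __name__ == "__main__":
    # Constructed sample: GIF header bytes labelled as an X window dump.
    sample = b"GIF89a" + b"\x01\x00\x01\x00\x00\x00\x00"
    print(check_attachment("image/x-xwindowdump", sample))
    print(check_attachment("image/gif; name=a.gif", sample))
```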