Bugtraq mailing list archives
Re: Linux, too, sot of (Windows MS-DOS Device Name DoS vulnerabilities)
From: aland () striker ottawa on ca
Date: Wed, 18 Jul 2001 12:09:40 -0400
Ishikawa <ishikawa () yk rim or jp> wrote:
> due to the problems mentioned, we should not forget that a famous browser client on Linux is similarly guilty. I tried the following URLs with my Netscape browser under Linux.
>
> file:///dev/null
> ...
> file:///dev/zero
> ...
> file:///dev/pty0

A 'stat' of all of these files shows that they are not regular files. There's no reason, then, to open them in the browser.

> If someone wants to be nasty, he/she can create a web page with URLs inside <IMG SRC="these device files" ....> listing DOS devices as well as these popular UNIX devices.

I question the wisdom of browsers which allow external web pages to reference local files via 'file://' URLs.

> As someone mentioned, we can't predict what other device files may show up in the future by addition of new hardware drivers.

We also cannot predict where special files exist, either. Placing the special file 'zero' in '/dev' is simply an administrative convention on many Unix systems. Device files can exist anywhere.

> One may be tempted to block all the files below /dev inside the browser/servers. Could this be a cure for this problem under linux/UNIX?

No. The browsers should be using the 'fstat' function, prior to opening any 'file://' URL. Regular files and directories should be OK. Links should have their links de-referenced, and the linked-to file 'fstat'ed also. Any other files should be ignored.

Alan DeKok.
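The check Alan describes, written out as an added example (this is not code from the thread or from any browser): open the file:// target first, then classify it with fstat() on the descriptor, accept only regular files and directories, and refuse everything else. Opening before checking, rather than stat()ing the name and then opening it, means the verdict applies to the very object that will be read, and open() dereferences symlinks so a link to a device is judged by its target. O_NONBLOCK is what keeps the open() itself from hanging on a FIFO or terminal device, which is the blocking behaviour the original report is about. The helper names, the verdict enum and the throwaway files under /tmp are all constructed for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Verdict of the check a browser should make before handing a file://
 * target to its renderer (names are this example's own). */
enum local_file_verdict {
    LOCAL_OK_REGULAR = 0,   /* regular file: safe to read */
    LOCAL_OK_DIRECTORY,     /* directory: safe to list */
    LOCAL_REJECT_SPECIAL,   /* device, FIFO, socket, ...: refuse */
    LOCAL_REJECT_ERROR      /* open() or fstat() failed; errno says why */
};

/* Open `path` and classify it by fstat() on the descriptor, so the verdict
 * describes the object actually opened (open() follows symlinks, so a link is
 * judged by its final target).  O_NONBLOCK stops open() from hanging on a
 * FIFO with no writer or on a terminal; O_NOCTTY stops a tty from becoming
 * our controlling terminal.  On LOCAL_OK_* the descriptor is handed back
 * through *fd_out and belongs to the caller. */
enum local_file_verdict open_local_checked(const char *path, int *fd_out)
{
    struct stat st;
    int fd;

    *fd_out = -1;
    fd = open(path, O_RDONLY | O_NONBLOCK | O_NOCTTY | O_CLOEXEC);
    if (fd < 0)
        return LOCAL_REJECT_ERROR;
    if (fstat(fd, &st) != 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return LOCAL_REJECT_ERROR;
    }
    if (S_ISREG(st.st_mode)) {
        int fl = fcntl(fd, F_GETFL);        /* regular files never block, so */
        if (fl != -1)                       /* restore ordinary blocking reads */
            fcntl(fd, F_SETFL, fl & ~O_NONBLOCK);
        *fd_out = fd;
        return LOCAL_OK_REGULAR;
    }
    if (S_ISDIR(st.st_mode)) {
        *fd_out = fd;
        return LOCAL_OK_DIRECTORY;
    }
    close(fd);                              /* char/block device, FIFO, socket */
    return LOCAL_REJECT_SPECIAL;
}

/* Verdict only; a descriptor opened for the check is closed again. */
enum local_file_verdict classify_local_path(const char *path)
{
    int fd;
    enum local_file_verdict v = open_local_checked(path, &fd);
    if (fd >= 0)
        close(fd);
    return v;
}

/* Constructed demo inputs under /tmp: a regular file, a FIFO (which would
 * block a naive open() forever) and a symlink pointing at that FIFO. */
static int make_demo_targets(char *reg, char *fifo, char *link, size_t n)
{
    int fd;
    if (n < 64)
        return -1;
    snprintf(reg, n, "/tmp/devcheck.XXXXXX");
    if ((fd = mkstemp(reg)) < 0)
        return -1;
    (void)write(fd, "hello\n", 6);
    close(fd);
    snprintf(fifo, n, "/tmp/devcheck.fifo.%ld", (long)getpid());
    snprintf(link, n, "%s.lnk", fifo);
    unlink(fifo);
    unlink(link);
    if (mkfifo(fifo, 0600) != 0 || symlink(fifo, link) != 0)
        return -1;
    return 0;
}

/* Run the check over the demo targets; returns how many verdicts differed
 * from what the rule in the reply predicts (0 means every case matched). */
int demo_mismatches(int verbose)
{
    static const char *label[] = {"regular file", "directory",
                                  "special file, rejected", "error"};
    char reg[64], fifo[64], link[64];
    const char *targets[4];
    enum local_file_verdict expect[4] = {LOCAL_OK_REGULAR, LOCAL_OK_DIRECTORY,
                                         LOCAL_REJECT_SPECIAL, LOCAL_REJECT_SPECIAL};
    int i, bad = 0;

    if (make_demo_targets(reg, fifo, link, sizeof reg) != 0)
        return -1;
    targets[0] = reg; targets[1] = "/tmp"; targets[2] = fifo; targets[3] = link;
    for (i = 0; i < 4; i++) {
        enum local_file_verdict v = classify_local_path(targets[i]);
        if (verbose)
            printf("%-40s -> %s\n", targets[i], label[v]);
        if (v != expect[i])
            bad++;
    }
    unlink(link); unlink(fifo); unlink(reg);
    return bad;
}

int main(void)
{
    int bad = demo_mismatches(1);
    printf("%-40s -> %s\n", "/dev/null",
           classify_local_path("/dev/null") == LOCAL_REJECT_SPECIAL
               ? "special file, rejected" : "not a readable regular file");
    return bad == 0 ? 0 : 1;
}
```

A browser using this would pass the returned descriptor straight to its reader instead of reopening the path, so the object it checked is the object it reads; that also makes the "block everything under /dev" idea unnecessary, since a device node sitting anywhere else in the filesystem gets the same verdict.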
Current thread:
- Linux, too, sot of (Windows MS-DOS Device Name DoS vulnerabilities) Ishikawa (Jul 18)
- Re: Linux, too, sot of (Windows MS-DOS Device Name DoS vulnerabilities) Robin Houston (Jul 18)
- Re: Linux, too, sot of (Windows MS-DOS Device Name DoS vulnerabilities) David F. Skoll (Jul 18)
- Re: Linux, too, sot of (Windows MS-DOS Device Name DoS vulnerabilities) aland (Jul 18)
- Internet Explorer file:// URL issues Chad Loder (Jul 19)
- Re: Linux, too, sot of (Windows MS-DOS Device Name DoS vulnerabilities) Glynn Clements (Jul 19)
- Re: Linux, too, sot of (Windows MS-DOS Device Name DoS vulnerabilities) Jeffrey W. Baker (Jul 18)
- Linux, too, sot of (Windows MS-DOS Device Name DoS vulnerabilities) Richard Kettlewell (Jul 19)
- Re: Linux, too, sot of (Windows MS-DOS Device Name DoS vulnerabilities) George Staikos (Jul 20)
- <Possible follow-ups>
- Re: Linux, too, sot of (Windows MS-DOS Device Name DoS vulnerabilities) der Mouse (Jul 19)