Slashdot Mirror


One More Mac Protocol Handler Exploit

There's another exploitable protocol handler, this time, ssh. Daring Fireball has an excellent summary of what you can do to protect yourself, using RCDefaultApp, and if you went that direction, and were wise enough to recognize ssh might be vulnerable too, you are safe. Paranoid Android attacks the problem from a different direction, and if you use that, you are also safe.

2 of 76 comments (clear)

  1. Question by cappadocius · · Score: 4, Interesting
    from link: Affected Products: MacOSX >= 10.3.3, Various Browsers, possibly others platforms/browsers

    Is this true what the link says: that these exploits only affect Panther? (also, am I reading the link text correctly)

    I am running Jaguar and I followed the link on an earlier story to a benign demonstration of the handler exploit, and to my knowledge it did not work.

    --

    omnia tua castra sunt nobis

  2. Protocol Handlers by 0x0d0a · · Score: 4, Interesting

    You know, the first I remember hearing about protocol handlers was when Microsoft started pushing the combination of the browser and the desktop.

    Microsoft *very* commonly fails to draw a clear line between those data that can affect those things that can be externally-invoked (such as protocol handlers) and those things that may only be internally invoked. There is no reason for, say, a "help" protocol handler, though there is for an "ftp" protocol handler. There is clearly a need for two separate systems -- "remote" and "local" handlers, where "local" systems are only invoked by trusted software running on the system.

    If Apple took bad ideas from Microsoft, they deserve to chew on the bitter taste a bit.

    Note that GNOME (and I'll bet KDE, though I'm not familiar enough with KDE to know) also took this broken security design from Microsoft, and it's even bets that they have some of the same problems.

    I should be able to set things like the following with "local" handlers (ones that will only be passed "trusted good" data, and can poentially do destructive things like overwrite files based on the data passed them:
    * my terminal program (xterm, gnome-terminal, konsole, rxvt, aterm, etc)
    * my file manager
    * my "error" handler -- could spit out junk to the console, play an error sound, send stuff to syslog, bring up a dialog, whatever.
    * my password manager (this lets programs add entries automatically -- for example, my FTP program can tell my password manager to store my password whenever I bookmark a passworded site). This lets me keep an encrypted password collection without extensive manual effort.
    * My download manager, so that software can pass off downloads that they want *downloaded*, not just displayed.

    Then there are external protocol handlers. These are programs to handle each of the standard URL prefixes -- news, telnet, http, ftp, etc. It's fine for these to be systemwide, but they *never* should be combined with internal handlers. It's a really *bad* idea, and one of Microsoft's worse "innovations". They may not perform destructive acts based on the arguments passed them, and must be carefully examined to ensure that they robustly handle input passed to them.