Re: Publishing HTML



On Tue, 26 Jun 2001, Trevor Curtis wrote:

> On Tue, Jun 26, 2001 at 10:37:24AM +0100, Colm Smyth wrote:
> > - (paranoia on) a multi-user writeable cache for html files creates more issues
> >   than one for man-pages; HTML isn't as harmless a document format as you might
> >   like because it is a host for executable content (javascript, plug-ins, java,
> >   ...; also remote execution (form input methods like cgi, servlets, ...)
> >   it would be possible to edit a html page to bind different actions to buttons
> >   or hyperlinks
> >
>
> Hey. I'm new to all this, and so might be missing something, but why
> would we worry about plugins? Going from xml/sgml -> html, we
> typically don't use javascript or plugins of that sort.  Or do you
> mean this in just a general sense?

Others here could probably answer this much better than I can, but I'll
give it a shot.

 Untrusted ___\  Black Box XML->HTML ____\  shared  ____\ Help browser
 XML "doc"    /  converter(gnome-db2html)/   cache      / (Moz./Naut.)

Any user can pass an untrusted document which they write or obtain from
the web to the help system.  It gets converted by gnome-db2html3 into an
HTML file and cached for all other users to run through Nautilus (which is
really just Mozilla for these purposes).  So, if the untrusted document
had executable content which could get through gnome-db2html, then we
would have a cache file with malicious content which gets parsed by
Mozilla by any other user on the system who happens to read that help
file.

A recent exploit similar to this was found in 'man' which allowed a user
to write a bogus man page (really a script) and put it into the system
cache.  When any other user tries to read this man page, it creates an
suid script in /tmp which allows anybody else on the machine to suid to
the user who tried to read the man page.

Given the richness of HTML and long feature list of Mozilla, it does seem
very difficult to have gnome-db2html filter all malicious code that might
go into the cache.

Dan
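
The shared-cache concern in the message above, seen from the cache's side, as an added example that is not part of the original thread or of gnome-db2html. Because filtering out every dangerous construct is hard, this sketch allowlists static markup and reports everything else, so the caller can refuse to cache the file. The tag, attribute and scheme lists and the sample document are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Assumed allowlist (not from the thread): static markup a DocBook-to-HTML
# converter would plausibly emit. Anything else counts as active content.
ALLOWED_TAGS = set(
    "html head title body div span p br hr a img h1 h2 h3 h4 ul ol li dl dt "
    "dd pre code tt em strong b i blockquote table tr td th".split())
ALLOWED_ATTRS = {"href", "src", "name", "id", "class", "alt", "title"}
ALLOWED_SCHEMES = {"http", "https"}  # assumption; relative links always pass


def url_scheme(value):
    """Return the URL scheme as a browser reads it (empty if relative)."""
    # Browsers skip whitespace and control characters inside the scheme.
    compact = "".join(ch for ch in value if ord(ch) > 0x20).lower()
    head = compact.split("/", 1)[0].split("?", 1)[0].split("#", 1)[0]
    return head.split(":", 1)[0] if ":" in head else ""


class CacheAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, reason) for everything off the allowlist

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases names and decodes entities in attribute
        # values, so "jav&#x61;script:" arrives here as "javascript:".
        line = self.getpos()[0]
        if tag not in ALLOWED_TAGS:
            self.findings.append((line, f"tag <{tag}>"))
        for name, value in attrs:
            if name not in ALLOWED_ATTRS:
                self.findings.append((line, f"attribute {name} on <{tag}>"))
            elif name in ("href", "src") and value:
                scheme = url_scheme(value)
                if scheme and scheme not in ALLOWED_SCHEMES:
                    self.findings.append((line, f"{scheme}: URL in {name}"))


def audit_html(text):
    """Return [(line, reason)]; an empty list means nothing was flagged."""
    parser = CacheAudit()
    parser.feed(text)
    parser.close()
    return parser.findings


# Constructed sample of converter output, for illustration only.
SAMPLE = """<html><body>
<h1 id="intro">Using the panel</h1>
<p onmouseover="x()">Click <a href="jav&#x61;script:x()">here</a>.</p>
<form action="/cgi-bin/x"><input type="submit"></form>
<a href="index.html#top">Contents</a>
</body></html>"""
```

Calling `audit_html(SAMPLE)` flags the event handler, the entity-encoded script URL and the form on lines 3 and 4, and passes the relative link.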






