Geoff, thank you a lot for your posts.
it definitively _is_ a misplaced concern under the circumstances you just took the time to clarify.
Regards!
Lorenzo
On 08.03.2005, at 05:24, Geoff Beier wrote:
Sorry... My trackpad slipped down to "Send Now" when I was trying to hit my
minimize button. I had a few more sentences of clarification :-)
On 3/7/05 11:08 PM, "Geoff Beier" <[EMAIL PROTECTED]> wrote:
On 3/7/05 2:44 PM, "Lorenzo Perone" <[EMAIL PROTECTED]>
wrote:
I'm not sure I'll be fast enough with a 'killall Camino' or Force Quit
by the time my favorite fastest browser on Mac OS X has launched and
opened the url.
Imho, in a world in which a cookie is a potential privacy threat, we should consider the open url feature also one.
While you are quite correct that open url could be used to leak
information, and it is a good instinct to consider how a malware author
could abuse it, I think your concern is misplaced. If I'm a malware
author and you're running my code, every application on the system
could disable open url, and I could leak any information I can access
without little snitch ever noticing. (I'm not criticizing little snitch
specifically here, but rather all process/host/port based "firewalls",
on all platforms... They are absolutely a false sense of security in
their common operating configurations if you can't control which
software you are running.)
As long as you are allowing ANY application to hit arbitrary hosts, it's
"game over" for any code you run to hit an arbitrary host. Software like
Little Snitch identifies process by name, path, and checksum. To get
out, then, it's simply a matter of causing a process that Little Snitch
trusts to connect to your host. As with most operating systems, you can
inject code into any process you launched. So if I get you to run my
malware, I can:
1. Check the list of apps little snitch trusts 2. Find one of those that's running and inject code that appears to little snitch to be part of that app. 3. Transmit whatever I can read off the machine :-P
Since no one wants to answer a popup every time they visit a web site, it's nearly 100% safe that little snitch will be configured to let a browser hit arbitrary hosts. This style of injection is far superior to open url because it's much less likely to attract the notice of the user, either in browser history or via a flashing window.
That's a very long way to say that adding stuff to our open url apple event handler would be extra work that would inconvenience our users, make us more brittle, and buy us absolutely nothing at all in terms of protection against malicious software.
Geoff
_______________________________________________ Camino mailing list [email protected] http://mozdev.org/mailman/listinfo/camino
_______________________________________________ Camino mailing list [email protected] http://mozdev.org/mailman/listinfo/camino
