On Thu, 25 May 2000, Bijan Parsia wrote:
> Writing files and opening sockets may be sufficient for a variety of
> secondary attacks (as well as the obvious direct attacks). For example, if
> you can write out a pre-compiled AppleScript to the "startup" folder, it
> will get executed next startup.
The latest (not yet official) Unix VM has a -secure option that restricts
file prims to be able to read and write only in the image directory and
subdirs (the so-called "file sandbox"). You have to make sure the VM is
not in that directory, of course. This option would be easy to add to
other platforms, too. You only need to change function
plugInAllowAccessToFilePath() to match the path against the image
directory. For Macs, this is in sqMacWindow.c. The unix imp goes like this
(vmPath actually is the path to the image):
    #include <string.h>
    #include <stdbool.h>

    extern int secure;        /* set by the -secure VM option */
    extern char *vmPath;      /* image directory, with a trailing '/' */

    int plugInAllowAccessToFilePath(char *pathString, int pathStringLength)
    {
        int vmPathLength, i;
        if (!secure) return true;            /* not a plugin ==> grant */
        vmPathLength= strlen(vmPath) - 1;    /* drop the trailing '/' */
        if (pathStringLength < vmPathLength)
            return false;                    /* path too short ==> deny */
        /* note: without the '/' this prefix test also admits a sibling
           directory whose name merely begins with the image dir's name */
        for (i= 0; i < vmPathLength; i++)
            if (pathString[i] != vmPath[i])
                return false;                /* no common root ==> deny */
        /* <= so that a "/.." ending the path is examined as well */
        for (; i <= pathStringLength-3; i++)
            if (!strncmp(&pathString[i], "/..", 3))
                return false;                /* parent component ==> deny */
        return true;                         /* ==> grant */
    }
-- Bert
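An added example (not Bert's code and not the Squeak VM's own) of a stricter form of the same image-directory containment check: it requires the prefix match to include the directory separator, so a sibling such as "image2" is not mistaken for a child, and it tests each component for an exact "..", including one that ends the path. It assumes a constructed image path in imageDir with a trailing '/'.

```c
/* Added example (not part of the original mail or the Squeak VM):
   a stricter form of the image-directory sandbox check discussed above.
   Assumes imageDir is the image directory with a trailing '/'. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample image directory for the demonstration. */
static const char *imageDir = "/home/squeak/image/";

/* Grant only if path is the image directory itself or a descendant of it
   and no path component is exactly "..". Purely lexical, like the VM's
   own check: symlinks inside the directory are not resolved here. */
bool sandboxAllows(const char *path, size_t len)
{
    size_t dirLen = strlen(imageDir);      /* includes the trailing '/' */
    size_t i, start;

    /* The directory itself, written without the trailing '/'. */
    if (len == dirLen - 1 && strncmp(path, imageDir, len) == 0)
        return true;
    /* Prefix match must include the '/', so "/home/squeak/image2/x"
       is not taken for a child of "/home/squeak/image/". */
    if (len < dirLen || strncmp(path, imageDir, dirLen) != 0)
        return false;
    /* Walk the remaining components; a trailing ".." counts too. */
    for (start = i = dirLen; i <= len; i++) {
        if (i == len || path[i] == '/') {
            if (i - start == 2 && path[start] == '.' && path[start + 1] == '.')
                return false;
            start = i + 1;
        }
    }
    return true;
}

/* Convenience wrapper for NUL-terminated paths. */
bool sandboxAllowsStr(const char *path) { return sandboxAllows(path, strlen(path)); }

int main(void)
{
    const char *samples[] = { "/home/squeak/image/foo.txt", "/home/squeak/image2/x",
                              "/home/squeak/image/../etc/passwd", "/home/squeak/image/.." };
    for (size_t k = 0; k < sizeof samples / sizeof *samples; k++)
        printf("%-34s %s\n", samples[k], sandboxAllowsStr(samples[k]) ? "grant" : "deny");
    return 0;
}
```

Because the test is lexical, a symbolic link inside the image directory that points elsewhere would still be granted; resolving the path with realpath() before the check closes that gap.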