Ian Wienand wrote (privately to me but seems suitble for slug): > http://bugzilla.mozilla.org/show_bug.cgi?id=56002
and it says... > b) We again are being burnt by the fact that the attacker can guess where we > will place a file (re: default user directory). At some point we need to put > some more randomization in this placement.. but we never seem to get aronud to > it... and it has burnt us many times. Ah thanks. So it is a security feature. Its a long article and thread but it seems like a very trivial thing for an attacker to circumvent it in time and indeed at the end of that article a person tells how to get that dir name from Windows registry "clear as day".. I see there is more about it at: http://bugzilla.mozilla.org/show_bug.cgi?id=55731 > On Wed, Dec 11, 2002 at 04:31:12PM +1100, Michael Lake wrote: > > I notice that al recent Mozilla Mailers on Windows and Linux have this > > strange directory as follows: > > .mozilla/default/i1lxwmz4.slt/ > > I read that it was a security feature on a Mac OSX newslist but I really > > It's set in prefs.js and I could edit this file and just remove that > > part of the dir path and move all things under it a level up. > > Does anyone know if this can be changed and if so what will break ? Thanks Ian for that link to the explanation. -- Mike Lake Uni of Technol., Sydney UTS CRICOS Provider Code: 00099F DISCLAIMER ======================================================================== This email message and any accompanying attachments may contain confidential information. If you are not the intended recipient, do not read, use, disseminate, distribute or copy this message or attachments. If you have received this message in error, please notify the sender immediately and delete this message. Any views expressed in this message are those of the individual sender, except where the sender expressly, and with authority, states them to be the views the University of Technology Sydney. Before opening any attachments, please check them for viruses and defects. ======================================================================== -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
