[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype
- To: "Geo." <geoincidents@xxxxxxx>
- Subject: Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype
- From: Valdis.Kletnieks@xxxxxx
- Date: Sun, 07 Oct 2007 11:21:01 -0400
On Sat, 06 Oct 2007 12:43:16 EDT, "Geo." said:
> If the application is what exposes the URI handling routine to untrusted
> code from the internet, then it's the application's job to make sure that
> code is trusted before exposing system components to it's commands, no?
I think that given a system service that says "I will handle a mailto: URI",
that a programmer can *reasonably* expect the following:
1) That it will be handed to a program that actually does e-mail, and not
a calculator. calc.exe hasn't *yet* followed the programming aphorism that
every program grows until it can read e-mail.
2) That said program can protect itself against overtly malicious input.
"When people pcp a chocky in their mouth, they don't expect steel bolts to
string out and pierce their cheeks" -- Monty Python.
Attachment:
pgpRJHcPnKlb6.pgp
Description: PGP signature
- References:
- URI handling woes in Acrobat Reader, Netscape, Miranda, Skype
- RE: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype
- Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype
- Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype
- Prev by Date:
RE: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype
- Next by Date:
Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype
- Previous by thread:
Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype
- Next by thread:
Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype
- Index(es):