W3C home > Mailing lists > Public > public-webapps@w3.org > October to December 2009

Re: Use Cases and Requirements for Saving Files Securely

From: イアンフェッティ <ifette@google.com>
Date: Thu, 12 Nov 2009 02:22:26 -0800
Message-ID: <bbeaa26f0911120222o74dce8f9o8db13597f4673549@mail.gmail.com>
To: Jonas Sicking <jonas@sicking.cc>
Cc: Maciej Stachowiak <mjs@apple.com>, Eric Uhrhane <ericu@google.com>, Ian Hickson <ian@hixie.ch>, Doug Schepers <schepers@w3.org>, "public-webapps@w3.org" <public-webapps@w3.org>, public-device-apis@w3.org
2009/11/12 Jonas Sicking <jonas@sicking.cc>

> 2009/11/12 Ian Fette (イアンフェッティ) <ifette@google.com>:
> > This is really getting into fantasy-land... Writing a file and hoping
> that
> > the user actually opens up explorer/finder/whatever and browses to some
> > folder deep within the profile directory, and then double clicks
> something?
> > Telling a user "click here and run blah to get a pony" is so much easier.
>
> So first off that only addresses one of the two attacks I listed.
>
>
Fair


> But even that case I don't think is that fantasy-y. The whole point of
> writing actual files is so that users can interact with the files,
> right? In doing so they'll be just a double-click away from running
> arbitrary malicious code. No warning dialogs or anything. Instead the
>

Why do you assume this? On Windows, we can write the MotW identifier, which
would lead to windows showing a warning. On linux, we could refuse to chmod
+x.


> attacker has a range of social engineering opportunities using file
> icon and name as to make doubleclicking the file inviting.
>
> Like I said, I think this might be possible to work around in the
> implementation by making sure to neuter all executable files before
> they go to disk.
>
> / Jonas
>
Received on Thursday, 12 November 2009 10:23:00 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:35 GMT