Re: SVG 1.2 Comment: B.2.3 Socket Connections

On Mon, 1 Nov 2004, Peter Sorotokin wrote:
> > 
> > Allowing arbitrary socket connections is either very dangerous, or of 
> > limited use, depending on the security restrictions. If it is allowed 
> > for any host, it can be used for sending spam. If it is allowed only 
> > for the originating host, it can be used to perform attacks from HTTP 
> > ports to HTTPS ports (as noted in the previous section).
> 
> Please explain how exactly attack from HTTP to HTTPS can be done with 
> the socket interface.

The same attack as described in the previous section.

A more serious attack would be for untrusted injected script to make a 
direct connection to port 25 (SMTP). That would allow spam to be sent from 
client machines. Since the interfaces would be available to any script in 
UAs that implement SVG (not just in SVG drawings, which are very rare and 
thus less of an attack vector), this would basically mean that any HTML 
site that can be attacked via script injection (which is a lot of them) 
goes from being subject to cross-domain attacks (rarely a major problem on 
such insecure sites) to being a potential spam relay point (very bad).

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Received on Monday, 1 November 2004 21:08:47 UTC
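
The two restrictions discussed in this thread, evaluated against constructed connection requests. This is an added example, not part of the original message or of the SVG 1.2 draft. The policy names, the `shop.example` hosts and the third `sameHostAndPort` policy are assumptions made for illustration.

```javascript
// Added example: policy names and sample requests are constructed for illustration.
const DEFAULT_PORTS = { 'http:': 80, 'https:': 443 };

// Origin of the document whose script asks for a socket.
function originOf(documentUrl) {
  const u = new URL(documentUrl);
  const port = u.port ? Number(u.port) : DEFAULT_PORTS[u.protocol];
  return { scheme: u.protocol, host: u.hostname.toLowerCase(), port };
}

// Each policy answers: may script from `origin` open a raw socket to host:port?
const POLICIES = {
  // "allowed for any host"
  anyHost: () => true,
  // "allowed only for the originating host": the port is not part of the check
  originatingHost: (origin, host) => host.toLowerCase() === origin.host,
  // Assumption (not proposed in the thread): host and port must both match
  sameHostAndPort: (origin, host, port) =>
    host.toLowerCase() === origin.host && port === origin.port,
};

// Returns the requests a policy would let through, as "host:port" strings.
function admitted(policyName, documentUrl, requests) {
  const origin = originOf(documentUrl);
  const allow = POLICIES[policyName];
  return requests
    .filter((r) => allow(origin, r.host, r.port))
    .map((r) => `${r.host}:${r.port}`);
}

// Constructed requests from script running in a page served over plain HTTP.
const PAGE = 'http://shop.example/cart';
const REQUESTS = [
  { host: 'shop.example', port: 80 },     // the page's own HTTP port
  { host: 'shop.example', port: 443 },    // HTTPS port on the same host
  { host: 'shop.example', port: 25 },     // SMTP on the same host
  { host: 'mx.other.example', port: 25 }, // SMTP on an unrelated host
];

for (const name of Object.keys(POLICIES)) {
  console.log(name.padEnd(16), admitted(name, PAGE, REQUESTS).join(', '));
}
```

The `originatingHost` row still admits ports 443 and 25, which is the gap the message points at: a host-only restriction does not constrain which service on that host the script reaches.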