- From: Adam Barth <w3c@adambarth.com>
- Date: Thu, 12 Nov 2009 02:17:56 -0800
- To: Jonas Sicking <jonas@sicking.cc>
- Cc: ifette@google.com, Maciej Stachowiak <mjs@apple.com>, Eric Uhrhane <ericu@google.com>, Ian Hickson <ian@hixie.ch>, Doug Schepers <schepers@w3.org>, "public-webapps@w3.org" <public-webapps@w3.org>, public-device-apis@w3.org

2009/11/12 Jonas Sicking <jonas@sicking.cc>:
> 2009/11/12 Ian Fette (イアンフェッティ) <ifette@google.com>:
>> This is really getting into fantasy-land... Writing a file and hoping that
>> the user actually opens up explorer/finder/whatever and browses to some
>> folder deep within the profile directory, and then double clicks something?
>> Telling a user "click here and run blah to get a pony" is so much easier.
>
> So first off that only addresses one of the two attacks I listed.
>
> But even that case I don't think is that fantasy-y. The whole point of
> writing actual files is so that users can interact with the files,
> right? In doing so they'll be just a double-click away from running
> arbitrary malicious code. No warning dialogs or anything. Instead the
> attacker has a range of social engineering opportunities using file
> icon and name as to make doubleclicking the file inviting.
>
> Like I said, I think this might be possible to work around in the
> implementation by making sure to neuter all executable files before
> they go to disk.

Keep in mind that some users interact with their file systems via
search, not browse. For example, if I use Quicksilver or Spotlight to
launch skype.exe (sorry for mixing platforms), I might easily launch
the skype.exe buried in my profile instead of the one in Program
Files.

Adam

Received on Thursday, 12 November 2009 10:18:54 UTC