- From: Alexey Feldgendler <alexey@feldgendler.ru>
- Date: Tue, 20 Dec 2005 10:53:17 +0600
On Tue, 20 Dec 2005 08:01:27 +0600, Maciej Stachowiak <mjs at apple.com> wrote: > I don't think reading /dev/mouse will specifically do anything bad, but > I see your point. For file: in file: inclusion I think it would be wise > to exclude certain system paths such as /dev and /etc. I think this may > be done already. I've just tried on my Opera for Linux. Opeing file:///dev/input/mice (that's what I have instead of /dev/mouse) simply produces a blank page. But opening file:///dev/random causes Opera to stop responding to UI. I think it's the responsibility of the browser developer to know what file: resources of the local OS are dangerous, and to avoid opening them. For example, on Linux it would be a safe bet to avoid opening anything than regular files (i.e. character specials, block specials, fifos etc). -- Opera M2 9.0 TP1 on Debian Linux 2.6.12-1-k7 * Origin: X-Man's Station at SW-Soft, Inc. [ICQ: 115226275] <alexey at feldgendler.ru>
Received on Monday, 19 December 2005 20:53:17 UTC