- From: Ian Hickson <ian@hixie.ch>
- Date: Mon, 1 Nov 2004 21:08:42 +0000 (UTC)
- To: Peter Sorotokin <psorotok@adobe.com>
- Cc: www-svg@w3.org
On Mon, 1 Nov 2004, Peter Sorotokin wrote: > > > > Allowing arbitrary socket connections is either very dangerous, or of > > limited use, depending on the security restrictions. If it is allowed > > for any host, it can be used for sending spam. If it is allowed only > > for the originating host, it can be used to perform attacks from HTTP > > ports to HTTPS ports (as noted in the previous section). > > Please explain how exactly attack from HTTP to HTTPS can be done with > the socket interface. The same attack as described in the previous section. A more serious attack would be for untrusted injected script to make a direct connection to port 25 (SMTP). That would allow spam to be sent from client machines. Since the interfaces would be available to any script in UAs that implement SVG (not just in SVG drawings, which are very rare and thus less of an attack vector), this would basically mean that any HTML site that can be attacked via script injection (which is a lot of them) goes from being subject to cross-domain attacks (rarely a major problem on such insecure sites) to being a potential spam relay point (very bad). -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Monday, 1 November 2004 21:08:47 UTC