Re: [chromium-dev] Re: opening local files with chrome from command line, relative paths

Wed, 13 Jan 2010 14:01:48 -0800 

On Wed, Jan 13, 2010 at 8:36 AM, Evan Martin <ev...@google.com> wrote:

> Since the proposed vulnerability is that I have cd'ed into a specially
> crafted malicious directory then type out "google-chrome
> some-particular-url", at which point I will end up at a file:// URL
> under the attacker's control, I am skeptical we should worry about
> this.
>
> 1) 99% of users don't have attackers writing arbitrary files to their
> disk (most users don't have shared disk environments)
> 2) 99% of users don't launch URLs from the command line
> 3) the attacker can't do much (how can a file url attack you?  phishing?)
>

Steal all your local files and send them off to some website.
I recently made this a tiny bit harder (restrict directory listings). I'll
do something much stronger sometime soon.

Cheers
Chris


>
> On Wed, Jan 13, 2010 at 7:44 AM, Paweł Hajdan, Jr.
> <phajdan...@chromium.org> wrote:
> > Michał, Chris: could you comment on security aspects and give some
> > recommendations?
> >
> > Ben, could you comment on the "user interaction / usability" aspect?
> > We have few choices here, I'm not sure which one is preferred.
> >
> > On Mon, Jan 11, 2010 at 23:23, Benjamin Smedberg <bsmedb...@gmail.com>
> wrote:
> >> For what it's worth, the way Firefox solves this is:
> >>
> >> * Check if the file is an absolute file path
> >> ** on Windows, X:\... or \\...
> >> ** on Posix, /...
> >> * Otherwise, it's a URL relative to the current working directory
> >> ** So index.html resolves using the URL machinery to
> >> file:///c:/cwd/index.html
> >> ** while http://www.google.com resolves to itself
> >>
> >> This doesn't deal with the case firefox.exe www.google.com (which would
> try
> >> to resolve as a file), but we decided not to care about this case. We do
> >> have the explicit firefox.exe -url www.google.com which will perform
> URI
> >> fixup to guess the correct URL.
> >>
> >> --BDS
> >>
> >>
> >> --
> >> Chromium Developers mailing list: chromium-dev@googlegroups.com
> >> View archives, change email options, or unsubscribe:
> >>    http://groups.google.com/group/chromium-dev
> >>
> >
> > --
> > Chromium Developers mailing list: chromium-dev@googlegroups.com
> > View archives, change email options, or unsubscribe:
> >    http://groups.google.com/group/chromium-dev
> >
>

-- 
Chromium Developers mailing list: chromium-dev@googlegroups.com 
View archives, change email options, or unsubscribe: 
    http://groups.google.com/group/chromium-dev

Reply via email to