Closed
Bug 91402
Opened 24 years ago
Closed 23 years ago
file: another stat() device bug for UNIX
Categories
(Core :: Networking: File, defect)
Tracking
()
People
(Reporter: ishikawa, Assigned: asa)
References
()
Details
From Bugzilla Helper:
User-Agent: Mozilla/4.77 [en] (X11; U; Linux 2.4.6 i686)
BuildID: 20010715
(I lied about BuildID since the problem is observable
across any build so far from what I heard.)
The browser should not blindly
open and read file:/// URL.
Instead, the browser should stat
the pathname and decide to read
only the ordinary file and directories, and
ignore all th rest including
the block and char and other device files.
See the discussion on BugTraq that took place on July 16, 17, 18
of 2001.
Reproducible: Always
Steps to Reproduce:
1. Just try to access file:///dev/zero, file:///dev/console, etc..
2. You will notice the apparent hung.
3. Repeatable all the time.
Actual Results: The browser will get hung or
worse sometimes keyboard input is no longer available, etc.
Bad URL includes
file:///dev/pty0
file:///dev/console
file:///dev/tty0
file:///dev/zero
file:///con
file:///nul
file:///prn
file:///clock
..
Please check the disucssion that took place on bugtraq during
July 16-18, 2001.
BugTraq mailing list archive is at www.securityfocus.com.
Comment 1•24 years ago
|
||
We have got it covered
*** This bug has been marked as a duplicate of 69070 ***
Status: UNCONFIRMED → RESOLVED
Closed: 24 years ago
Resolution: --- → DUPLICATE
VERIFIED:
qa to me, -> file
Most of the entry points for this should be blocked now...
If you can still reproduce this, comment here, or mark this REOPENED.
Status: RESOLVED → VERIFIED
Component: Browser-General → Networking: File
QA Contact: doronr → benc
REOPEN:
I'm pulling all the "special file" bugs out of "checkURI" b/c I'm hoping to
handle these problems in "file", esp since it sounds like we aren't doing
everything properly.
Status: VERIFIED → UNCONFIRMED
Resolution: DUPLICATE → ---
Summary: Security problem. Denial of service problem. → file: another stat() device bug for UNIX
RESOLVED/DUPE:
mstoltz is considering fixing this so even if checkloadURI is off, we are safe.
*** This bug has been marked as a duplicate of 91657 ***
Status: UNCONFIRMED → RESOLVED
Closed: 24 years ago → 23 years ago
Keywords: verifyme
Resolution: --- → DUPLICATE
VERIFIED:
file: URL verification cleanup.
Status: RESOLVED → VERIFIED
Keywords: verifyme
You need to log in
before you can comment on or make changes to this bug.
Description
•