Closed Bug 91657 Opened 23 years ago Closed 19 years ago

file:// should stat() for device files and maybe not open them

Categories

(Core Graveyard :: File Handling, defect)

Product:
Core Graveyard
Component:
File Handling
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX
Milestone:
Future

People

(Reporter: dylang, Assigned: mscott)

References

(Blocks 1 open bug,
URL
)

Details

(Keywords: helpwanted, testcase, Whiteboard: [sg:fix]) 

As pointed out on bugtraq, Mozilla doesn't check to see if a file is a device
node  before opening.  The stat(2) function (POSIX, and many others) provides a
method of determining this easily without subjecting the user to a potential
crash or other problem.

Windows has no such analog, so you won't be able to use it to fix the
file://con/con bug there.  Oh well :)

From the Bugtraq posting:
"
On Wed, 18 Jul 2001, Ishikawa wrote:

> The next is a showstopper.
> The problem URL that caused the hung of browser,
> at least, on my PC is the following.

>     file:///dev/pty0

However, the UNIX API has a very simple and *reliable* way around this:

        stat(2)

I hope Mozilla authors are listening and start stat'in file:/// urls.

There is no simple and reliable equivalent under 'doze.
"
From: "Jeffrey W. Baker" <jwbaker@acm.org>

On Wed, 18 Jul 2001, Ishikawa wrote:

> The next is a showstopper.
> The problem URL that caused the hung of browser,
> at least, on my PC is the following.
>
>     file:///dev/pty0
>
> This locked my netscape navigator solid.
> I had to kill it using kill command from another
> xterm window. X didn't get hung, etc..
> Since trying other devices may cause more severe problems
> I stopped testing here.

Using <img src="file:///dev/tty0"> on my Linux machine caused Netscape and
Mozilla both to eat all the keyboard input.  I had to use another machine
to kill it.  I expected Netscape to NOT open file URIs from within a page
fetched via !file (http, https, ftp, gopher, etc.).

-jwb
Tossing to networking, since they'd be the ones to talk to (oops) :)
Component: Browser-General → Networking
Ok, I obviously suck at double checking the query page.  Marking dupe.

*** This bug has been marked as a duplicate of 91316 ***
Status: UNCONFIRMED → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE
.
Status: RESOLVED → VERIFIED
REOPEN: -> file
Even though "checkURI" has cut off using this as a denial of service, it sounds 
like we still need to do what is described here, b/c it is the "right" way of 
doing things.

In the future, I can expect that (given the number and temperature of the 
objections to the default behavior), that significant number of individuals will 
elect to turn off "checkURI" but will still not want their keyboard to disappear 
on a tricked out file: URL.
Status: VERIFIED → UNCONFIRMED
Component: Networking → Networking: File
Resolution: DUPLICATE → ---
Summary: Mozilla doesn't check to see if a file is a device node before opening. → file:// should stat() for device drivers
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: file:// should stat() for device drivers → file:// should stat() for device files and maybe not open them
More to the point, it's possible that fixing this bug may allow us to safely
remove some calls to CheckLoadURI.
->reassign
Assignee: asa → dougt
QA Contact: doronr → benc
Keywords: helpwanted
Target Milestone: --- → Future
*** Bug 91402 has been marked as a duplicate of this bug. ***
+testcase (I'll be sure to run this last...)
Keywords: testcase
Mitchell: you wanted me to remind you about fixing this, it is still untargeted 
(adding mozilla1.0 keyword)
Keywords: mozilla1.0
I do not think this is a bug that necko should fix.  If the application built
around necko wants to stop devices from being opened, they should restrict these
URLs.  I can easily imagine a application that wants to open a stream to a
device file.  

Maybe this should be file handling at the application level or WONTFIX all together.
Assignee: dougt → law
Component: Networking: File → File Handling
QA Contact: benc → sairuh
Please don't mark this WONTFIX - I'd really like this to be fixed somewhere, if
not in Necko. Regardless of what some hypothetical application built around
Necko might want to do, our application should not try to open device files
because that's a very easy way for a malicious site to cause mischief.
Implementing this restriction will allow me to loosen up the CheckLoadURI policy
to some degree, and that will make a lot of people happy.
->mscott

The only place we might could plug this hole is in the uriloader, I suspect.

We'd also need to hack some stuff in nsWebBrowserPersist when doing "save link
as..." (and maybe some other places?
Assignee: law → mscott
note:

bug 122523 bug removed a |stat()| call recently and then it caused bug 127408.
QA Contact: sairuh → petersen
Also, I tried to open the serial port COM2 on /dev/ttyS1 and noticed that
Mozilla started using the port and didn't stop even after completely quitting
Mozilla.

[root@localhost guest]# fuser -v /dev/ttyS1
                     USER        PID ACCESS COMMAND
/dev/ttyS1           guest      2240 f....  mozilla-bin
                     guest      2249 f....  mozilla-bin
        [.......]

I had to kill it; then the LED I had put on the serial port switched off again.
Whiteboard: [sg:fix]
Since remote content can't cause us to load file: URLs any more, the security
issue here is no longer relevant, and restricting file: further is neither
necessary nor wise.
Status: NEW → RESOLVED
Closed: 23 years ago19 years ago
Resolution: --- → WONTFIX
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.