List: kde-bugs-dist
Subject: Bug#14253: kmail html security bug
From: Michael Haeckel <Michael () Haeckel ! Net>
Date: 2000-11-01 12:18:08
On Wednesday, 1. November 2000 10:09, Tilo Ulbrich wrote:
> On Tuesday, 31 October 2000 21:41, Michael Haeckel wrote:
> >
> > We have a big fat warning in our configuration dialog that HTML mail is
> > a security risk.
>
> Sure. But now it's one security risk fewer. But please never activate
> JavaScript :-))
>
> > Sorry, can't reproduce. If I create an HTML mail like this, the link is
> > blue, but not clickable. If I use href="file:/opt/kde2/bin/kwrite" the
> > link is at least clickable, but nothing happens, although the file
> > exists. Can you send me a mail that contains such a risk?
>
> I wrote you an HTML mail.
Thanks, I don't know what I did wrong yesterday.
"/bin/rm -rf ~/" is probably more dangerous :-)
I just fixed it in the HEAD branch. If someone confirms that the attached
patch is correct, I will also commit it to the KDE_2_0_BRANCH and send a mail to
the translators.
Regards,
Michael Häckel
["dont-execute.diff" (text/plain)]
? dont-execute.diff
Index: kmmainwin.cpp
===================================================================
RCS file: /home/kde/kdenetwork/kmail/kmmainwin.cpp,v
retrieving revision 1.230
diff -u -3 -p -r1.230 kmmainwin.cpp
--- kmmainwin.cpp 2000/10/25 21:08:26 1.230
+++ kmmainwin.cpp 2000/11/01 12:17:33
@@ -39,6 +39,7 @@
#include <kedittoolbar.h>
#include <kkeydialog.h>
#include <kcharsets.h>
+#include <kmimetype.h>
#include "configuredialog.h"
#include "kmbroadcaststatus.h"
@@ -1141,6 +1142,14 @@ void KMMainWin::slotUrlClicked(const KUR
(aUrl.protocol() == "ftp") || (aUrl.protocol() == "file"))
{
statusMsg(i18n("Opening URL..."));
+ KMimeType::Ptr mime = KMimeType::findByURL( aUrl );
+ if (mime->name() == "application/x-desktop" ||
+ mime->name() == "application/x-executable" ||
+ mime->name() == "application/x-shellscript" )
+ {
+ if (KMessageBox::warningYesNo( 0, i18n( "Do you really want to execute"
+ " '%1' ? " ).arg( aUrl.prettyURL() ) ) != KMessageBox::Yes) return;
+ }
// -- David : replacement for KFM::openURL
if ( !KOpenWithHandler::exists() )
(void) new KFileOpenWithHandler();
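Review bot: the added check in KMMainWin::slotUrlClicked is a denylist of three MIME type names, so any other type the open handler would still hand to an executable (or a file: link whose type is not detected as one of these three) passes straight through to the existing KFileOpenWithHandler path below; for the http/ftp cases in the same branch, KMimeType::findByURL can only go by the URL's extension, so the classification is easy to sidestep. Consider inverting this to an allowlist of types that are safe to view from mail (text, images, HTML) or refusing file: links to executables outright rather than prompting, and if KMessageBox::warningYesNo defaults to the Yes button, make No the default so a stray Enter does not execute the file. Minor: the i18n string "Do you really want to execute '%1' ? " carries a space before the question mark and a trailing space, which will be copied into every translation; tidy it before mailing the translators.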