
List:       kde-bugs-dist
Subject:    Bug#14253: kmail html security bug
From:       Michael Haeckel <Michael () Haeckel ! Net>
Date:       2000-11-01 12:18:08

On Wednesday,  1. November 2000 10:09, Tilo Ulbrich wrote:
> On Tuesday, 31 October 2000 21:41, Michael Haeckel wrote:
> >
> > We have a big fat warning in our configuration dialog that HTML mail is
> > a security risk.
>
> Sure. But now it's one security risk fewer. But please never activate
> JavaScript :-))
>
> > Sorry, can't reproduce. If I create an HTML mail like this, the link is
> > blue, but not clickable. If I use href="file:/opt/kde2/bin/kwrite" the
> > link is at least clickable, but nothing happens, although the file
> > exists. Can you send me a mail that contains such a risk?
>
> I wrote you an HTML mail.

Thanks, I don't know what I did wrong yesterday.

"/bin/rm -rf ~/" is probably more dangerous :-)

I just fixed it in the HEAD branch. If someone confirms that the attached
patch is correct, I will also commit it to the KDE_2_0_BRANCH and send a mail to
the translators.

Regards,
Michael Häckel
["dont-execute.diff" (text/plain)]

? dont-execute.diff
Index: kmmainwin.cpp
===================================================================
RCS file: /home/kde/kdenetwork/kmail/kmmainwin.cpp,v
retrieving revision 1.230
diff -u -3 -p -r1.230 kmmainwin.cpp
--- kmmainwin.cpp	2000/10/25 21:08:26	1.230
+++ kmmainwin.cpp	2000/11/01 12:17:33
@@ -39,6 +39,7 @@
 #include <kedittoolbar.h>
 #include <kkeydialog.h>
 #include <kcharsets.h>
+#include <kmimetype.h>
 
 #include "configuredialog.h"
 #include "kmbroadcaststatus.h"
@@ -1141,6 +1142,14 @@ void KMMainWin::slotUrlClicked(const KUR
 	   (aUrl.protocol() ==  "ftp") || (aUrl.protocol() == "file"))
   {
     statusMsg(i18n("Opening URL..."));
+    KMimeType::Ptr mime = KMimeType::findByURL( aUrl );
+    if (mime->name() == "application/x-desktop" ||
+        mime->name() == "application/x-executable" ||
+        mime->name() == "application/x-shellscript" )
+    {
+      if (KMessageBox::warningYesNo( 0, i18n( "Do you really want to execute"
+        " '%1' ? " ).arg( aUrl.prettyURL() ) ) != KMessageBox::Yes) return;
+    }
     // -- David : replacement for KFM::openURL
     if ( !KOpenWithHandler::exists() )
       (void) new KFileOpenWithHandler();
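
Review bot: The new check in slotUrlClicked is a denylist of three MIME names (application/x-desktop, application/x-executable, application/x-shellscript), so a link target that KMimeType::findByURL classifies as anything else reaches the open handler with no prompt. For a link clicked inside a mail it would be safer to invert the test: open directly only for types known to be inert, and prompt or refuse for everything else. Two smaller points: statusMsg(i18n("Opening URL...")) runs before the prompt, so after the early return on "No" the status bar still says a URL is being opened, and moving the check above that call avoids it; and the prompt string carries stray spaces in "'%1' ? " and passes 0 as the parent rather than this, so the dialog is not tied to the main window.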

