List: kmail-devel
Subject: Bug#14253: kmail html security bug
From: Don Sanders <sanders () kde ! org>
Date: 2000-11-01 14:32:31
Oh, I just checked in a fix for the HEAD branch too. I guess they didn't
conflict; perhaps Michael's patch is better, feel free to revert mine.
I regard the problem as a bug but not a security exploit. Still it's a
serious bug and the person who discovered it did a good job.
I agree with the comments Daniel and George made about running KMail as root
being a bad idea.
BFN,
Don.
On Wednesday 01 November 2000 14:33, Daniel Naber wrote:
> On Wednesday 01 November 2000 13:18, Michael Haeckel wrote:
> > I just fixed it in the HEAD branch. If someone confirms that the
> > attached patch is correct, I will also commit it to the KDE_2_0_BRANCH and
> > send a mail to the translators.
>
> The patch works for me. But from a security point of view, it would be
> better to revert the first if(), i.e. don't check when to use the popup,
> but check when not to use it (e.g. text/html). On the other hand, I don't
> think we should not trust findByURL() at all. It's more secure to always
> pop up the dialog (with "open" instead of "execute" if it makes more
> sense).
>
> Regards
> Daniel
["openbug.diff" (text/x-c)]
Index: kmreaderwin.cpp
===================================================================
RCS file: /home/kde/kdenetwork/kmail/kmreaderwin.cpp,v
retrieving revision 1.209
diff -u -b -r1.209 kmreaderwin.cpp
--- kmreaderwin.cpp 2000/10/19 15:45:29 1.209
+++ kmreaderwin.cpp 2000/11/01 14:21:18
@@ -1282,7 +1282,11 @@
slotAtmOpen();
}
- else emit urlClicked(aUrl,/* aButton*/LeftButton); //### FIXME: add button to URLArgs!
+ else {
+ if (aUrl.protocol().isEmpty() || (aUrl.protocol() == "file"))
+ return;
+ emit urlClicked(aUrl,/* aButton*/LeftButton); //### FIXME: add button to URLArgs!
+ }
}
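Review bot: the new guard in the `else` branch is a deny-list (only an empty scheme and `file` are stopped), so every other scheme still reaches `emit urlClicked(...)` unchecked; Daniel's suggestion in the thread of inverting the test into an allow-list of schemes known to be remote (`http`, `ftp`, `mailto`, ...) would fail closed for anything not explicitly listed. The bare `return;` also drops the click with no feedback at all, so a user who follows a `file:` link in an HTML mail cannot tell why nothing happened; routing the blocked case through the existing `slotAtmOpen()` confirmation dialog, or at least a status-bar message, would make the behaviour visible. Minor: the `//### FIXME` comment is carried over verbatim onto the re-indented `emit` line, which is fine, but the patch lost the leading whitespace of its context lines, so please re-check it applies cleanly before committing to KDE_2_0_BRANCH.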
_______________________________________________
Kmail Developers mailing list
Kmail@master.kde.org
http://master.kde.org/mailman/listinfo/kmail
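As an added example (not code from KMail or from this thread), the two policies Daniel contrasts, written against plain std::string URLs instead of KURL: the deny-list from the attached patch beside an allow-list variant; the set of schemes treated as remote is an assumption, and the sample URLs are constructed.

```cpp
#include <cassert>
#include <cctype>
#include <iostream>
#include <set>
#include <string>

// Extract the URL scheme, lower-cased, or "" when the reference has none
// (a relative reference such as "readme.html" falls into this case).
static std::string urlScheme(const std::string& url) {
    if (url.empty() || !std::isalpha(static_cast<unsigned char>(url[0]))) return "";
    std::string scheme;
    for (char c : url) {
        const unsigned char uc = static_cast<unsigned char>(c);
        if (c == ':') return scheme;                       // scheme terminator
        if (std::isalnum(uc) || c == '+' || c == '-' || c == '.') {
            scheme += static_cast<char>(std::tolower(uc)); // scheme chars (RFC 3986)
        } else {
            return "";                                     // not a scheme after all
        }
    }
    return "";  // ran out of input before a ':', so no scheme
}

// Deny-list policy, as in the attached patch: hand the click to the browser
// unless the scheme is empty or "file". Anything not named here passes.
bool denyListHandsOff(const std::string& url) {
    const std::string s = urlScheme(url);
    return !(s.empty() || s == "file");
}

// Allow-list policy, as Daniel suggests: hand off only schemes known to refer
// to remote resources; everything else goes to the confirmation dialog.
// The list itself is an assumption for this example.
bool allowListHandsOff(const std::string& url) {
    static const std::set<std::string> remote = {"http", "https", "ftp", "mailto"};
    return remote.count(urlScheme(url)) > 0;
}

int main() {
    // Constructed samples; the last one shows where the two policies diverge.
    const char* samples[] = {"http://www.kde.org/", "FILE:///home/user/a.html",
                             "readme.html", "news:comp.os.linux.misc"};
    for (const char* u : samples) {
        std::cout << u << "  deny-list: " << denyListHandsOff(u)
                  << "  allow-list: " << allowListHandsOff(u) << '\n';
    }
    return 0;
}
```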