[21613] in bugtraq
Re: Linux, too, sot of (Windows MS-DOS Device Name DoS vulnerabilities)
daemon@ATHENA.MIT.EDU (Jeffrey W. Baker)
Wed Jul 18 13:36:41 2001
Date: Wed, 18 Jul 2001 09:54:12 -0700 (PDT)
From: "Jeffrey W. Baker" <jwbaker@acm.org>
To: Ishikawa <ishikawa@yk.rim.or.jp>
Cc: "bugtraq@securityfocus.com" <bugtraq@securityfocus.com>
In-Reply-To: <3B54A760.FEFB9844@yk.rim.or.jp>
Message-ID: <Pine.LNX.4.33.0107180952110.15759-100000@heat.gghcwest.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Wed, 18 Jul 2001, Ishikawa wrote:
> The next is a showstopper.
> The problem URL that caused the hung of browser,
> at least, on my PC is the following.
>
> file:///dev/pty0
>
> This locked my netscape navigator solid.
> I had to kill it using kill command from another
> xterm window. X didn't get hung, etc..
> Since trying other devices may cause more severe problems
> I stopped testing here.
Using <img src="file:///dev/tty0"> on my Linux machine caused Netscape and
Mozilla both to eat all the keyboard input. I had to use another machine
to kill it. I expected Netscape to NOT open file URIs from within a page
fetched via !file (http, https, ftp, gopher, etc.).
-jwb
