[21727] in bugtraq
Re: Linux, too, sot of (Windows MS-DOS Device Name DoS vulnerabilities)
daemon@ATHENA.MIT.EDU (George Staikos)
Fri Jul 20 11:39:20 2001
Content-Type: text/plain;
charset="iso-8859-1"
From: George Staikos <staikos@0wned.org>
To: bugtraq@securityfocus.com
Date: Fri, 20 Jul 2001 09:35:26 -0400
In-Reply-To: <84d76yyqzx.fsf@rjk.greenend.org.uk>
MIME-Version: 1.0
Message-Id: <01072009352603.01327@thunk.is.0wned.org>
Content-Transfer-Encoding: 8bit
On Wednesday 18 July 2001 15:30, Richard Kettlewell wrote:
> A better answer might be to stat the file, and reject it if it not a
> regular file. Another approach would be to forbid inlining "file:"
> URLs from external pages, as described at
> http://bugzilla.mozilla.org/show_bug.cgi?id=91316
Exactly this has been done in Konqueror CVS and will be in the upcoming
2.2 release. It wouldn't allow opening of these in the URL bar but it would
open them as <IMG SRC="">.
--
George Staikos
