[4530] in bugtraq

Mac/At Ease/Netscape File Access Exploit

daemon@ATHENA.MIT.EDU (Nathan Dorfman)
Wed May 21 00:54:24 1997

Date: 	Tue, 20 May 1997 18:10:15 -0400
Reply-To: Nathan Dorfman <nathan@SENATE.ORG>
From: Nathan Dorfman <nathan@SENATE.ORG>
To: BUGTRAQ@NETSPACE.ORG

Please don't flame me for posting Mac stuff to a UNIX list; I see NT
crap here all the time, and thought some admins may think twice before
running At Ease (or before running Macs in the first place).

SYNOPSIS: At Ease apparently doesn't patch the kernel to introduce file
restrictions, but modifies a library that programs call to display an
Open File dialog box.

IMPACT: This bug allows a user to read files and directories he shouldn't
have access to under the At Ease system.

DESCRIPTION: Under At Ease, files and folders that you shouldn't have access
to are grayed out in Open File dialogs. Using a program like Netscape you
can bypass the dialog, using a URL such as:

file://TZHS%20HD%202/Documents/Dorfman%20Nathan

Note that the implementation of Netscape used automatically converted
spaces to %20 combinations as required by HTTP 1.1 (RFC 2068):

file://TZHS HD 2/Documents/Dorfman Nathan/

Will show the contents of that folder. For non-text files, you can simply
save the file into a folder you DO have access to and use the appropriate
program to open it.

EXTRA NOTES: Netscape will not let you modify the folders but a simple program
can be written that takes a filename in a text-box and opens the file from its
location, without copying. If you can write Mac code, and are willing to,
please send to nathan@senate.org.
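
The design flaw the post describes (restrictions applied in the Open File dialog rather than where files are actually opened) can be shown with a small model. This is an added example, not part of the original post and not At Ease or Netscape code; the Policy class, the function names and the temporary sample tree are all assumptions made for the illustration.

```python
import os
import tempfile
from pathlib import Path
from urllib.parse import urlsplit
from urllib.request import url2pathname

class Policy:
    """Hypothetical per-user allow-list of folders (not At Ease's real model)."""
    def __init__(self, allowed_roots):
        self.roots = [os.path.realpath(r) for r in allowed_roots]

    def permits(self, path):
        real = os.path.realpath(path)  # resolve symlinks and ".." before comparing
        return any(os.path.commonpath([real, r]) == r for r in self.roots)

def dialog_listing(policy, folder):
    """UI-layer filter: show only permitted entries, like a dialog graying out the rest."""
    return sorted(n for n in os.listdir(folder)
                  if policy.permits(os.path.join(folder, n)))

def path_from_file_url(url):
    parts = urlsplit(url)
    if parts.scheme != "file":
        raise ValueError("not a file URL")
    return url2pathname(parts.path)  # decodes %20 back to spaces

def read_unchecked(url):
    """Weak design: trusts that the dialog already filtered the choice."""
    with open(path_from_file_url(url), "rb") as f:
        return f.read()

def read_checked(policy, url):
    """Policy enforced where the file is opened, so every caller is covered."""
    path = path_from_file_url(url)
    if not policy.permits(path):
        raise PermissionError(path)
    with open(path, "rb") as f:
        return f.read()

def build_sample():
    """Constructed sample tree: Documents/Shared is allowed, Documents/Dorfman Nathan is not."""
    docs = Path(tempfile.mkdtemp()) / "Documents"
    for folder, data in (("Shared", b"public"), ("Dorfman Nathan", b"private")):
        (docs / folder).mkdir(parents=True)
        (docs / folder / "notes.txt").write_bytes(data)
    policy = Policy([docs / "Shared"])
    urls = {f: (docs / f / "notes.txt").as_uri() for f in ("Shared", "Dorfman Nathan")}
    return docs, policy, urls
```

The dialog listing hides the restricted folder, yet read_unchecked still returns its contents; only read_checked, which applies the policy at open time, refuses.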