Security Update 2006-003

  • LaunchServices

    Impact: Viewing a malicious web site may lead to arbitrary code execution

    Description: Long file name extensions may prevent Download Validation from correctly determining the application with which an item may be opened. [...]

  • Safari

    Impact: Visiting malicious web sites may lead to file manipulation or arbitrary code execution

    Description: When Safari's "Open `safe' files after downloading" option is enabled, archives will be automatically expanded. [...]

This could also have been fixed in 2004

More examples of the same problem mentioned previously.

Instead of putting "Download Validation" in LaunchServices, create a separate interface for programs that are opening untrusted documents and files that only contains applications that are designed to deal specifically with untrusted objects. These applications would tend to be "viewer" versions, with editing, scripting, and of course any kind of automatic unpacking or installing disabled. For example, they might have...

  • An archive application that just displays the contents of the archive, and lets you decide what to do with it. And, of course, uses this "WebServices" interface to open documents in the archive.
  • Something like Microsoft's "Word Viewer" application, that lets you view Word documents on Windows without being able to run scripts.
  • An FTP client that is limited to downloading files and (of course) uses "WebServices".
  • And so on... and most importantly, it wouldn't contain handlers for things like "help:" or "x-man-page:" or any scripting language, so even if someone manages to hide something in an archive that's pointing to the "wrong" type, there won't be any handler for it to take advantage of.

This would not just eliminate these problems, it would turn other problems (like the Preview and BOM holes, which could be exploited through Open Safe Files) from big security problems into little reliability problems.
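A sketch of the restricted "open untrusted" interface described above, as an added example in Python (not code from the original post or from Apple): a separate handler table that contains only viewer-type applications, refuses URL-style schemes such as "help:" outright, and is what the viewer-only archive application consults for each entry. The viewer names, the 8-character extension bound and the sample archive are constructed for the demonstration.

```python
import io
import os
import re
import zipfile

# Allowlist of viewer-only handlers for untrusted content. The application
# names are constructed placeholders, not real macOS programs.
UNTRUSTED_VIEWERS = {
    "zip": "ArchiveLister",    # lists entries; never auto-expands them
    "doc": "WordViewer",       # renders the document; no macros or scripts
    "txt": "PlainTextViewer",
}

MAX_EXT_LEN = 8                                      # constructed policy bound
SCHEME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9+.\-]*:")  # "help:", "x-man-page:"


def classify_untrusted(name):
    """Return the lower-cased extension to dispatch on, or None for anything
    the restricted registry should refuse: a URL-style scheme, no extension,
    or an extension that is over-long or not plain alphanumeric."""
    if SCHEME_RE.match(name):
        return None
    _, ext = os.path.splitext(os.path.basename(name))
    ext = ext[1:]
    if not ext or len(ext) > MAX_EXT_LEN or not ext.isalnum():
        return None
    return ext.lower()


def open_untrusted(name):
    """Pick the viewer for an untrusted item. Unknown types yield None:
    there is deliberately no fallback to a general-purpose launcher table."""
    ext = classify_untrusted(name)
    return UNTRUSTED_VIEWERS.get(ext) if ext else None


def list_archive(data):
    """What the viewer-only archive application shows: each entry paired with
    the handler it could be opened with (None means it stays inert)."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {n: open_untrusted(n) for n in zf.namelist()}


def build_sample_archive():
    """Constructed sample archive containing benign and suspicious entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "hello")
        zf.writestr("report.doc", "not a real document")
        zf.writestr("run.scpt", "tell application ...")  # script: no viewer
        zf.writestr("help:topic", "")                    # scheme: refused
    return buf.getvalue()
```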

