From: Kevin M S. <ke...@si...> - 2004-11-20 09:34:57
Nathan Walp wrote:
> Tim Ringenbach wrote:
>
>> Herman Bloggs wrote:
>>
>>> gaim_notify_uri now needs trusted parameter to indicate whether
>>> the source of the uri is trusted. This helps us avoid the security
>>> risks involved in blindly executing untrusted local file URIs in
>>> windows. This fixes the MSN open mail bug on windows.
>>>
>>>
>>> Index: notify.h
>>>
>>>
>>> /**
>>> * Opens a URI or somehow presents it to the user.
>>> *
>>> - * @param handle The plugin or connection handle.
>>> - * @param uri The URI to display or go to.
>>> + * @param handle The plugin or connection handle.
>>> + * @param uri The URI to display or go to.
>>> + * @param trusted The source of the URI is trusted.
>>> *
>>> * @return A UI-specific handle, if any. This may only be presented if
>>> * the UI code displays a dialog instead of a webpage, or
>>> something
>>> * similar.
>>> */
>>> -void *gaim_notify_uri(void *handle, const char *uri);
>>> +void *gaim_notify_uri(void *handle, const char *uri, gboolean trusted);
>>>
>>>
>>>
>>
>> This would be a good place to document exactly what the policy is for
>> when a uri is considered trusted or not.
>
>
> I really don't think we should be trusting ANYTHING that comes over the
> network over a non-trusted connection. Right now even for SSL
> connections we do no validation, so I question every call to
> gaim_notify_uri() with trusted set to TRUE. Of course, I also question
> the need for this at all. There shouldn't be anything "secure" or
> "insecure" about a damn URI.

Such is the nature of Windows and file:// URLs I guess.

Why exactly should we ever allow file:// urls to be executed anyway? Is there actually something a server sends that would point to a file on the local filesystem? How does this thing know what's where on the local filesystem in the first place? Why don't we just forcefully disallow Gaim from opening filesystem URLs with gaim_notify_uri()?

I haven't really followed the progression of this MSN open mail bug, but is this implying MSN points the user to a local file when new mail arrives? If it just goes to a web site, I can't see where the problem lies.

Kevin
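
Review bot: the added "@param trusted" line in the notify.h doc comment only restates the parameter name ("The source of the URI is trusted") and does not say what a caller must have established before passing TRUE, or what gaim_notify_uri() refuses or does differently when it is FALSE. Since the new prototype forces every existing call site to pick a value, spell out the policy in this comment: which sources count as trusted, which URI forms are restricted for untrusted input (the commit message names local file URIs on Windows), and that a caller in doubt should pass FALSE. The @return text is unchanged as well, so it is not stated what the function returns when it declines to open a URI; document that alongside the new parameter.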
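
The alternative raised at the end of this message, refusing filesystem URLs no matter who supplied them, amounts to a scheme allowlist in front of the opener. The C code below is an added example, not code from Gaim or from anyone in this thread; the helper name uri_scheme_allowed and the http/https list are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Schemes that may reach the system opener; this list is an assumption. */
static const char *const allowed_schemes[] = { "http", "https" };

/* Case-insensitive match of s[0..n) against a lowercase literal. */
static int scheme_equals(const char *s, size_t n, const char *lit)
{
    size_t i;
    if (strlen(lit) != n)
        return 0;
    for (i = 0; i < n; i++)
        if (tolower((unsigned char)s[i]) != lit[i])
            return 0;
    return 1;
}

/* Hypothetical helper: 1 if uri may go to the opener, 0 otherwise.
 * Allowlisting refuses file:, bare and UNC paths, and drive letters
 * ("C:" parses as a one-letter scheme) without naming any of them. */
int uri_scheme_allowed(const char *uri)
{
    size_t len = 0, i;
    if (uri == NULL || !isalpha((unsigned char)uri[0]))
        return 0;                    /* RFC 3986: scheme starts with ALPHA */
    for (i = 0; uri[i] != '\0'; i++)
        if ((unsigned char)uri[i] <= 0x20 || uri[i] == 0x7f)
            return 0;                /* no whitespace or control bytes */
    while (isalnum((unsigned char)uri[len]) || uri[len] == '+' ||
           uri[len] == '-' || uri[len] == '.')
        len++;
    if (uri[len] != ':' || uri[len + 1] != '/' || uri[len + 2] != '/')
        return 0;                    /* require "scheme://" */
    for (i = 0; i < sizeof allowed_schemes / sizeof allowed_schemes[0]; i++)
        if (scheme_equals(uri, len, allowed_schemes[i]))
            return 1;
    return 0;
}

int main(void)
{
    const char *s[] = { "https://mail.example.com/inbox",   /* constructed */
                        "file:///C:/local/page.html", "C:\\local\\page.html" };
    size_t i;
    for (i = 0; i < 3; i++)
        printf("%s -> %s\n", s[i], uri_scheme_allowed(s[i]) ? "open" : "refuse");
    return 0;
}
```

Because the check is an allowlist, it does not depend on a trusted flag: a URI from any source is opened only if its scheme is on the list.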