[ANN] A 6 MB SqueakPlugin.image
Andreas Raab
andreas.raab at gmx.de
Tue Jun 6 10:26:40 UTC 2006
Michael Rueger wrote:
> The SqueakPlugin.image is also set so that downloading any file from the
> web turns on secure mode, restricting access to your file system to the
> safe directory (see above). "Normal" images don't have that, so if
> somebody knows/guesses you have the Squeak3.8 image somewhere on your
> filesystem they might build a squeak project launching page that guesses
> a location in your filesystem and then executes something nasty.
Worse than that: If you allow an absolute location, all some code needs
to do is to download an image into the accessible location and once
done, redirect the browser to a page that refers to that location (via
argument). No guessing necessary, this works simply and directly.
Cheers,
- Andreas