TUCoPS :: HP Unsorted U :: tb12922.htm

URI handling as the harbinger of interaction errors
URI handling as the harbinger of interaction errors
URI handling as the harbinger of interaction errors

Throughout this whole discussion on URI handling and IE, let's not
forget that:

1) ANY technology that uses "handlers" that pass commands and
   arguments from one process to another, is likely to have these
   kinds of issues.  Web browsers are just the first to get this kind
   of attention.  All products that support plugins, whether web-based
   or not, should be examined for this type of problem.

2) Programs that were formerly assumed to be safe because they were
   only ever intended to be invoked by a single user, will now become
   unsafe if they're referenced in a handler.  Think second-order
   symlink issues as one example, or buffer overflows in command-line
   arguments for non-setuid programs that are likely to be used in
   handlers (image converters, anyone?)

3) These kinds of interaction errors, when disclosed, will probably
   continue to generate widespread debate.  It's the nature of
   interaction errors that either side could be "blamed."

4) The best currently feasible solution is likely to require that the
   invoking process stricly enforces which arguments it passes to the
   invoked process.  It should be obvious that string-based command
   construction is too risky.  Also, the invoked process might have a
   default mode of operation that disallows arguments that might be
   especially dangerous.  This will likely break legitimate
   functionality that's in active use, so adoption of such solutions
   will be slow.

5) As technologies become more integrated, we're likely to see more
   reports like this.

- Steve

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2023 AOH