Re: [suse-security] Does Rich Text hold the same risks as html ?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The Thursday 2006-01-26 at 00:25 -0800, Crispin Cowan wrote:
> > A trick was published here about how to block acroread from contacting
> > internet outside, using the local machine firewall.
> I posted a trick of how to prevent it using AppArmor, which is to deny
> Acrobat read access to the Javascript libraries. If there was a
> firewall-based trick, I haven't seen it. I have some issue with whether
> it *could* work; you are going to want to configure your firewall so
> that HTTP requests can go out port 80, and there is nothing to prevent
> the Javascript from using exactly that channel to get their message out.
It was published by Nordi:
| Date: Mon, 18 Apr 2005 15:56:26 +0200
| From: nordi <nordi@xxxxxxxxx>
| Subject: Re: [suse-security] How to block Acroread 7 with SuSE FW2?
The trick, that only works if the firewall is in the same machine, is to
make the acrobat binary owned by a certain group, say "talker" and make it
SGID; then, using the "--gid-owner" option in iptables, you can block any
program executing under that group from internet access:
iptables -A OUTPUT -m owner --gid-owner talker -j REJECT
I'm sure there are people here much more knowledgeable than me in these
things who could write a small script to activate/deactivate that iptables
rule when the user wants, coupled with a line in /etc/permissions.local.
;-)
It could be inserted in "/etc/sysconfig/scripts/SuSEfirewall2-custom", but
I don't know exactly where.
- --
Cheers,
Carlos Robinson
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Made with pgp4pine 1.76
iD8DBQFD2MUbtTMYHG2NR9URAopPAJ0a3vxUGZiNCngR2UilttMecOjcngCfeAox
l0fHwuNHda5UOW2dQL9IcMI=
=KjsX
-----END PGP SIGNATURE-----
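The toggle script Carlos wishes for, written here as an added example rather than anything from the list or from Nordi's original post. It assumes the group name "talker" and the binary path /usr/bin/acroread from the message above (both overridable), that the host's own netfilter is the firewall (the trick only works locally, as the post says), and that the installed iptables supports `-C` for checking whether a rule already exists. The `IPTABLES` variable exists so the rule handling can be exercised with a stub instead of touching the live ruleset.

```shell
#!/bin/sh
# Added example: block outbound traffic from one SGID, group-owned binary via
# the iptables owner match described in the post. Group and path are assumed
# placeholders; run as root for any real effect.

GROUP="${GROUP:-talker}"               # assumed group name from the post
BINARY="${BINARY:-/usr/bin/acroread}"  # assumed binary path
IPTABLES="${IPTABLES:-iptables}"       # point at a stub for dry runs

# The rule from the post: reject packets from any process whose effective
# GID is $GROUP. Because it keys on process identity, not destination port,
# an allowed HTTP/80 channel does not help the blocked program.
rule_spec() {
    echo "OUTPUT -m owner --gid-owner $GROUP -j REJECT"
}

# Make the binary run with the group's GID (group ownership + SGID bit).
# The matching /etc/permissions.local entry, in SUSE's
# "path owner:group mode" format, would be:
#   /usr/bin/acroread root:talker 2755
setup_binary() {
    chgrp "$GROUP" "$BINARY" && chmod g+s "$BINARY"
}

# Is the rule currently loaded? ($(rule_spec) is intentionally unquoted so
# it splits into separate iptables arguments.)
rule_present() {
    $IPTABLES -C $(rule_spec) 2>/dev/null
}

# Idempotent enable: never append a duplicate rule.
enable_block() {
    rule_present || $IPTABLES -A $(rule_spec)
}

# Remove every copy of the rule, in case it was added more than once by hand.
disable_block() {
    while rule_present; do
        $IPTABLES -D $(rule_spec)
    done
}

case "${1:-}" in
    on)     enable_block ;;
    off)    disable_block ;;
    setup)  setup_binary ;;
    status) if rule_present; then echo "$GROUP: blocked"; else echo "$GROUP: open"; fi ;;
esac
```

Typical use is `sh acroblock.sh setup` once, then `on`/`off`/`status` as needed; the rule can equally be pasted into the SuSEfirewall2 custom hook the post mentions. Two caveats a defender should keep in mind: the owner match only sees traffic generated on this host, so it does nothing for a program run elsewhere, and it blocks the whole group, so any other binary you put in "talker" is cut off too.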
--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here