The most recent 20 comments posted to Making Light by Peter da Silva:


Posted on entry Bleeping huge security hole ::: May 19, 2004, 10:27 AM:
This is exactly why I have been pushing in every forum I can, and sending feedback to Apple, for the past several months, urging that they back away from the increasing integration between the browser and other applications. Having a single set of bindings for trusted and untrusted sources is why Internet Explorer and Outlook have been security nightmares for most of the past decade.

I can understand Microsoft doing this: they have political reasons for "integrating" the desktop and the browser (they're not good reasons... trying to weasel out of an agreement with the DoJ is never a good reason). I can't understand Apple, though: there should be at least *two* unrelated sets of bindings... one to be used for applications that work with local documents and one for applications that work with untrusted documents... and the bindings for applications that work with untrusted documents should be *absolutely* minimal.

In fact, by default and in the absence of explicit user action nothing should ever be transferred from an untrusted document to another application, or any integration of trusted and untrusted namespaces. That includes:

Helper application for URL protocols (eg help:)
Helper applications for mime types (eg video/windows-media)
Helper applications for file extensions (eg .wma, .zip)
Internet-enabled disk images and installers.

If the target application is not known to be suitable for handling untrusted data, it must not be passed untrusted data.

If an application is known to be suitable for handling untrusted data, it must not be presented with helper applications that aren't similarly trusted.

This is a really basic security principle, one that nobody I know would have imagined would be commonly violated until Microsoft not only kicked it over but refused to pick it up again. For gods' sake, folks, don't accept the same insanity from Apple, and don't let Apple get away with a one-shot patch just for this specific instance of the problem... that way lies the Outlook-exploit-of-the-week syndrome.
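The two-table binding model the comment above argues for, as an added example that is not part of the original comment and not any vendor's API. It assumes one reading of the rules: untrusted content never consults the local table, and is handed off only on explicit user action to a handler vetted for untrusted data. All class, handler and table names are hypothetical, and the sample bindings are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Handler:
    name: str
    vetted_for_untrusted: bool  # known to be suitable for hostile input

class Bindings:
    """Two unrelated handler tables instead of one shared namespace."""

    def __init__(self):
        self.tables = {"local": {}, "untrusted": {}}

    def bind(self, table, kind, value, handler):
        # kind is "scheme", "mime" or "ext"
        if table not in self.tables:
            raise ValueError(f"unknown table: {table}")
        # An unvetted helper can never be registered for untrusted content.
        if table == "untrusted" and not handler.vetted_for_untrusted:
            raise PermissionError(f"{handler.name} is not vetted for untrusted data")
        self.tables[table][(kind, value.lower())] = handler

    def resolve(self, origin, kind, value, user_action=False):
        key = (kind, value.lower())
        if origin == "local":
            return self.tables["local"].get(key)
        # Any other origin is treated as untrusted (fail closed):
        # no hand-off without explicit user action, and never via the local table.
        if not user_action:
            return None
        return self.tables["untrusted"].get(key)

def build_sample():
    """Constructed sample bindings mirroring the helper kinds listed above."""
    b = Bindings()
    b.bind("local", "scheme", "help", Handler("HelpViewer", False))
    b.bind("local", "mime", "video/windows-media", Handler("MediaPlayer", False))
    b.bind("local", "ext", ".zip", Handler("Unarchiver", False))
    b.bind("untrusted", "mime", "image/png", Handler("ImageDecoder", True))
    return b

if __name__ == "__main__":
    b = build_sample()
    for origin, kind, value, action in [
        ("local", "scheme", "help", False),
        ("untrusted", "scheme", "help", True),
        ("untrusted", "mime", "image/png", False),
        ("untrusted", "mime", "image/png", True),
    ]:
        print(origin, kind, value, action, "->", b.resolve(origin, kind, value, action))
```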

Comment statistics for Peter da Silva on the Making Light blog

Year    Number of comments posted
2004    1

Total: 1 comments.