Dangerous? Don't think so.
Let's see... the dangerous items, the items which could potentially be controlled by the operator of a malicious web site, are the URL, the page title, and the icon. None of these items are ever exposed to a command line, either directly or by output within a backtick construct; the only things in backticks are the "find" command which locates Firefox's bookmarks.html file, and the word "uuidgen", which is a command to generate UUID numbers which are used as unique filenames.
Dangerous?
I'm not about to check it, but I think that if a bookmarked site has a title that contains
then you might be in trouble. It's probably not that likely, but it definitely tried to run at least two commands when parsing my bookmarks.
Yes, dangerous.
"None of these items are ever exposed to a command line, either directly or by output within a backtick construct." You are assuming that none of the bookmarks themselves contain backticks. By the time the portion is piped into sh, there are no more shell escapes, so everything in each of those items would be subject to full shell interpretation. Backticks, $, etc.
While the common case would simply be a partially mangled export, this allows arbitrary code execution (obviously vastly more likely to be accidental than malicious, but still a very dangerous thing to run). Deletion of files, upload of files to a remote server, you name it. If you don't believe it, try it with a bookmark named `touch ~/uh-oh`
And a fix
And as a follow-up, you can make it more correct (no mangled names) and much safer by changing
to
(Yes, that's single-quote double-quote single-quote double-quote single-quote on each side)
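The two comments above make one point between them: text generated from bookmark titles and piped into sh is interpreted by the shell, and wrapping each title in single quotes (emitting an embedded single quote as `'"'"'`) stops that. The script below is an added example, not part of the hint or of any comment, and it does not touch a real bookmarks.html; the titles are constructed samples. It shows a quoting helper that applies the fix described above, a round trip through sh proving the quoted title comes back byte for byte, and a check that flags titles containing characters sh would interpret if they were ever pasted in unquoted.

```sh
#!/bin/sh
# Added example: quoting untrusted bookmark titles before they reach sh.
# The helper names (shquote, roundtrip_quoted, has_shell_metachars) and the
# sample titles are this example's own, not from the hint.

# Wrap an arbitrary string in single quotes for sh.  Inside single quotes
# nothing is interpreted; each embedded single quote is emitted as '"'"'
# (close the quote, a double-quoted quote, reopen), the construct the fix
# in the thread uses.  Pure parameter expansion, so no extra processes.
shquote() {
    s=$1
    out=""
    while :; do
        case $s in
            *\'*)
                out="$out${s%%\'*}'\"'\"'"   # text before the quote + '"'"'
                s=${s#*\'}                    # drop through the quote
                ;;
            *)
                out="$out$s"
                break
                ;;
        esac
    done
    printf "'%s'" "$out"
}

# Constructed sample titles (not real bookmarks).  The third carries the
# kind of text that an unquoted generator would hand straight to the shell.
TITLE1='Apple'
TITLE2="Mac OS X Hints - it's useful"
TITLE3='Weather `date` and $HOME'

# Emulate the export step: build a one-line sh script that echoes the
# title, then run it through sh, just as the hint pipes its generated text.
# Prints the title as the shell actually saw it.
roundtrip_quoted() {
    printf 'printf %%s %s\n' "$(shquote "$1")" | sh
}

# Defensive check: does a title contain characters sh would interpret if it
# were interpolated unquoted?  Returns 0 (true) if so.  Useful for auditing
# an existing export before trusting a script built from it.
has_shell_metachars() {
    case $1 in
        *\`*|*\$*|*\'*|*\"*|*"\\"*|*\;*|*\|*|*\&*) return 0 ;;
        *) return 1 ;;
    esac
}

# Demonstration when run directly.
for t in "$TITLE1" "$TITLE2" "$TITLE3"; do
    if has_shell_metachars "$t"; then flag="METACHARS"; else flag="plain"; fi
    printf '%-9s quoted=%s\n' "$flag" "$(shquote "$t")"
    printf '          seen by sh: %s\n' "$(roundtrip_quoted "$t")"
done
```

The round trip is the useful test: a title with backticks and `$HOME` comes back unchanged, where an unquoted version would have run `date` and expanded the variable. The metacharacter check is deliberately broad; a title it flags is not necessarily hostile, only one that must be quoted.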
Copyright © 2014 IDG Consumer & SMB. All trademarks and copyrights on this page are owned by their respective owners.