#5656 NORM Never A: Terminal should not claim to handle text/plain!
Zarro Boogs per Child
bugtracker at laptop.org
Sun Dec 23 18:37:33 EST 2007
#5656: Terminal should not claim to handle text/plain!
---------------------------------+------------------------------------------
Reporter: cscott | Owner: edsiper
Type: defect | Status: new
Priority: normal | Milestone: Never Assigned
Component: terminal-activity | Version:
Keywords: security, update.1? | Verified: 0
Blocking: | Blockedby:
---------------------------------+------------------------------------------
Fun thing to do:
Type 'sudo echo /bin/rm -rf /' in Terminal. Select the text, copy it to
the clipboard.
In the clipboard, select "Open in Terminal". Ouch!
Since Terminal registers itself for the mime types text/plain and
text/rtf, and just pastes the contents into the shell, you can launch this
attack via Browse as well.
Terminal should not register itself to handle mime-types!
--
Ticket URL: <http://dev.laptop.org/ticket/5656>
One Laptop Per Child <http://dev.laptop.org>
OLPC bug tracking system
More information about the Bugs
mailing list