Date: Fri, 21 Oct 2011 13:57:48 -0700
From: Chris Evans <scarybeasts@...il.com>
To: security@...ossecurity.com
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Google Chrome pkcs11.txt File Planting

On Fri, Oct 21, 2011 at 2:06 AM, ACROS Security Lists <lists@...os.si> wrote:
>
> A month ago our company notified Google about a peculiar behavior of Chrome browser
> that can be exploited for execution of remote code outside Chrome sandbox under
> specific conditions. Our new blog post describes it all.
>
> http://blog.acrossecurity.com/2011/10/google-chrome-pkcs11txt-file-planting.html

Interesting. Clear write-up.
I'm not a Windows guy but the article led me to research this:

http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=windows+file+dialog+changes+cwd

Isn't that the most significant contributor? An application carefully
puts its CWD somewhere sane and then the underlying operating system
flips it around later? Might that also cause non-determinism for
multi-threaded apps? Does the problem affect Mac, Linux users?


Cheers
Chris

>
> or
>
> http://bit.ly/olK1P9
>
> Enjoy the reading!
>
>
> Mitja Kolsek
> CEO&CTO
>
> ACROS, d.o.o.
> Makedonska ulica 113
> SI - 2000 Maribor, Slovenia
> tel: +386 2 3000 280
> fax: +386 2 3000 282
> web: http://www.acrossecurity.com
> blg: http://blog.acrossecurity.com
>
> ACROS Security: Finding Your Digital Vulnerabilities Before Others Do
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
