SLUG Mailing List Archives
Re: [SLUG] Can I rid myself of the mozilla/default/i1lxwmz4.slt/ dirname ?
- To: slug@xxxxxxxxxxx
- Subject: Re: [SLUG] Can I rid myself of the mozilla/default/i1lxwmz4.slt/ dirname ?
- From: Michael Lake <Mike.Lake@xxxxxxxxxx>
- Date: Wed Dec 11 17:11:02 2002
- Organization: University of Technology, Sydney
Ian Wienand wrote (privately to me but seems suitable for slug):
and it says...
> b) We again are being burnt by the fact that the attacker can guess where we
> will place a file (re: default user directory). At some point we need to put
> some more randomization in this placement.. but we never seem to get around to
> it... and it has burnt us many times.
Ah thanks. So it is a security feature. It's a long article and thread
but it seems like a very trivial thing for an attacker to circumvent it
in time and indeed at the end of that article a person tells how to get
that dir name from Windows registry "clear as day"..
I see there is more about it at:
> On Wed, Dec 11, 2002 at 04:31:12PM +1100, Michael Lake wrote:
> > I notice that all recent Mozilla Mailers on Windows and Linux have this
> > strange directory as follows:
> > .mozilla/default/i1lxwmz4.slt/
> > I read that it was a security feature on a Mac OSX newslist but I really
> > It's set in prefs.js and I could edit this file and just remove that
> > part of the dir path and move all things under it a level up.
> > Does anyone know if this can be changed and if so what will break ?
Thanks Ian for that link to the explanation.
Uni of Technol., Sydney