From owner-freebsd-questions@FreeBSD.ORG Fri Jul 6 12:47:45 2012 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 52ED9106564A for ; Fri, 6 Jul 2012 12:47:45 +0000 (UTC) (envelope-from carstenmattner@gmail.com) Received: from mail-gh0-f182.google.com (mail-gh0-f182.google.com [209.85.160.182]) by mx1.freebsd.org (Postfix) with ESMTP id 0BDB58FC0C for ; Fri, 6 Jul 2012 12:47:44 +0000 (UTC) Received: by ghbz22 with SMTP id z22so9929176ghb.13 for ; Fri, 06 Jul 2012 05:47:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=Rf2iAj6aTzhq+0BrXvVfFzv46tsHfu3u8yhSbgukY0s=; b=KOC0KqNoFfDqczhZwJLaOM35UXYz/zDftCcbpjceSzVtsR6lkA0JBcMTbtWPXkZ42Q /onZugUhh5KQfFlN97wf+Bpy23ZlUVjAZuGn8naZK2nUYXQ8WWfSJc/Y0kjJTJcOa/rg TjVMIlN5yM6esNtyPbRzNF5C72e+WOc9bsvzoP7Lffe+eiZNuE/SqWCQAbnq9Zv8uOts yyJ/2RuVO8Q7hXshVhh9XaRx1VjM+ZWoJ5RnxOk2RHNbpaIKPCLolbgu8oTKskGsm82l CSgubLYQDDprF7xxUk+HjbCiGPfsJVBDd8cJZB+Z+tz7VKH4kZXM4Dj/NWGnZgq7aySd 7n+w== MIME-Version: 1.0 Received: by 10.50.154.233 with SMTP id vr9mr2482200igb.9.1341578863970; Fri, 06 Jul 2012 05:47:43 -0700 (PDT) Received: by 10.64.9.78 with HTTP; Fri, 6 Jul 2012 05:47:43 -0700 (PDT) In-Reply-To: <201207060042.q660g65c082363@fire.js.berklix.net> References: <201207060042.q660g65c082363@fire.js.berklix.net> Date: Fri, 6 Jul 2012 14:47:43 +0200 Message-ID: From: Carsten Mattner To: "Julian H. Stacey" Content-Type: text/plain; charset=ISO-8859-1 Cc: Wojciech Puchar , freebsd-questions@freebsd.org Subject: Re: FreeBSD vs Hurd what is the differences? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Jul 2012 12:47:45 -0000 On Fri, Jul 6, 2012 at 2:42 AM, Julian H. Stacey wrote: > Hi, > Reference: >> From: Carsten Mattner >> Date: Fri, 6 Jul 2012 00:28:32 +0200 >> Message-id: > > Carsten Mattner wrote: >> On Thu, Jul 5, 2012 at 4:39 PM, Wojciech Puchar >> wrote: >> >>> As for reading anything else than internal firefox data it is not >> >>> possible >> >>> except very basic bug is there. >> >> >> >> >> >> Yes otherwise all the flash sites would have gathered files from local >> >> disks. >> > >> > >> > true. javascript activity is sandboxed. But within that sandbox there are >> > million bugs. >> > >> > i've already seen trojans that completely took control over firefox. >> > But - in spite it was windoze - ONLY firefox. Everything else was fine. >> > >> > Deleting firefox user data removed the trojan. >> >> Nothing is impossible at that complexity. >> >> I'd still like to know what Julian saw as you didn't see that. >> Did it really contain a script which made it fetch random files from the >> local disk? > > I don't know. > I wrote how I obtained the data patern I saw, in my: Fair enough :). >> Message-id: <201207050936.q659aWCI016222@fire.js.berklix.net> >> Date: Thu, 05 Jul 2012 11:36:32 +0200 > > Others very welcome to try it. Of course. >> Julian? > >> Which Firefox version? > > Mozilla/5.0 (X11; FreeBSD amd64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1 I don't want to be that guy whos says it but that version is old and may contain widely known holes. >> I am a little concerned. > > Me too ! > Not had tme to pursued it though. > & I dont feel like exporting that data public > in case its already gone too far. You don't have to export it at all. Can you confirm the data within is the same as say the same file in /etc or ~/.ssh? If that's really the case, it's a problem. > I suggest others create a dummy guest account & then accesss URL & do > page save as I wrote.