System Security Considerations: WWW Client

The Threat:

A malicious server may try to invade the client machine

Click here for lots of cool stuff!

Web servers are easy to set up 




The Main Mechanism:


	
 
 
 

	Client calls to external "helper" applications
	

	Security flaws of viewers may be exploited (e.g. older ghostscript)
	

	Client can be configured to run shell scripts sent from server  
	
	
 




Another Mechanism:


	
 
 
 

	Browser bugs allowing buffer overflows
	

	Commands can be compiled, put on stack after overflow
	
 


















for more information....



Security Concerns of Executing Shell Scripts Inside Mosaic