
Re: XMosaic client vs. The Firewall



	Well, let me start out by asking some questions.  We've been using the
	WWW for roughly 9 months now...  We have the X version of Mosaic
	running.  Our access is currently being threatened by a firewall.

	We aren't running a server as of yet, just the Mosaic client.  (v2.4 I
	believe).

There are several security issues related to running Mosaic or other web
clients behind a firewall.  Some are less concrete than others.

1) The Mosaic client program is very large, and not implemented in the most
   security-conscious manner possible.  Bugs in the software may permit a
   maliciously configured HTTP server on the Internet to cause damage to
   systems running client software.  Historically, this has been a problem,
   and new versions have been released that fix known bugs.  It is a near
   certainty that similar bugs remain.

2) The Mosaic client software is designed to invoke external interpreters for
   certain data types that it cannot handle internally.  This causes clients
   running inside the security perimeter to execute local programs on
   arbitrary data obtained from the Internet.  A noteworthy example is the
   Postscript interpreter:  Postscript is a general purpose programming
   language, and potentially malicious code contained within the Postscript
   program may wreak havoc on the local environment.  Some solutions are to
   limit the interpreters to implement a subset of the language, run them in
   restricted environments, and/or perform code analyses.

3) Users within the firewall may use the HTTP proxy to bypass security
   mechanisms imposed by the firewall.  For example, the HTTP proxy supports
   FTP, which bypasses the firewall FTP proxy that provides FTP securely and
   with auditing.  Turning off the capability to run these other network
   services limits key functionality of the web.

4) A feature of the software is to hide most access mechanisms from the user.
   A user simply clicks on a picture or line of text which may be bound to an
   operation that the user did not intend.  Users can be fooled into invoking
   network services that they would not normally invoke.  For example,
   clicking on a link can connect the user to the mail server on another
   system causing him to send threatening email to a user on that system.

5) The HTTP proxy server is large, complex, and may run in a privileged mode.
   It may cause harm to the firewall itself.
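
One way a site could audit the external-viewer mappings described in point 2, as an added example that is not part of the original message. It assumes the viewers are configured in a mailcap-style file (`type; command`), that the listed program names are the interpreters of concern, and it inspects only the first word of each command; the sample file is constructed.

```python
import shlex

# Assumption: programs that execute the file they are handed as code.
INTERPRETERS = {"sh", "csh", "ksh", "bash", "perl", "tclsh", "wish", "gs"}
# Ghostscript's -dSAFER limits file access; 9.50 and later enable it by
# default, older releases need it on the command line.
SAFER_FLAG = {"gs": "-dSAFER"}

# Constructed sample, not taken from any real system.
SAMPLE_MAILCAP = """\
# viewers for types the browser cannot render itself
image/*; xv %s
application/postscript; gs -dNOPAUSE %s
application/x-dvi; xdvi %s
application/x-csh; csh -f %s
application/x-eps; gs -dSAFER -dNOPAUSE \\
    -sDEVICE=x11 %s; description="EPS"
"""

def logical_lines(text):
    """Join backslash-continued lines; drop comments and blank lines."""
    buf = ""
    for raw in text.splitlines():
        if raw.endswith("\\"):
            buf += raw[:-1]
            continue
        line = (buf + raw).strip()
        buf = ""
        if line and not line.startswith("#"):
            yield line

def audit(text):
    """Return (mime type, program, status) for entries that run an interpreter."""
    findings = []
    for line in logical_lines(text):
        # "\;" is a literal semicolon inside a field, not a separator.
        fields = [f.strip() for f in line.replace("\\;", "\0").split(";")]
        if len(fields) < 2 or not fields[1]:
            continue
        argv = shlex.split(fields[1].replace("\0", ";"))
        prog = argv[0].rsplit("/", 1)[-1]
        if prog in INTERPRETERS:
            flag = SAFER_FLAG.get(prog)
            status = "safer" if flag and flag in argv[1:] else "review"
            findings.append((fields[0], prog, status))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_MAILCAP):
        print(*finding, sep="\t")
```

Entries reported as `review` pass fetched data to an interpreter with no restriction flag on the command line and are candidates for removal or for a restricted environment.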

