My favorites | Sign in
Google
Project Home
  
Downloads
  
Wiki
  
Issues
  
Source
    
New issue | Search
for
| Advanced search | Search tips
Issue 66: [security-contest-submission]: Information leakage from environment variables
3 people starred this issue and may be notified of changes. Back to list
Status:  Fixed
Owner:  bsy+leg...@google.com
Closed:  Jul 08
Security-Contest
Type-Defect


Sign in to add a comment
 
Reported by teamfkmr, Mar 24, 2009 
Team: teamfkmr
Tested OS: Linux
Tested Browser: Firefox 3.0.7
Nacl Version: nacl_linux_46_2009_03_12.tgz

Native Client has an information leakage. It is possible to get environment
variables in client machine, which include user name, path information, and
so on.
leakenvvars.tar.gz
168 KB Download
Comment 1 by nativeclient.admin, Apr 01, 2009 
(No comment was entered for this change.)
Status: Accepted
Owner: b...@google.com
Comment 2 by nativeclient.admin, Apr 01, 2009 
(No comment was entered for this change.)
Labels: Type-Defect
Comment 3 by bsy+leg...@google.com, Jul 08, 2009 
Fixed in 150197, though precisely which environment variables should be allowed to 
pass through is still subject to discussion.
Status: Fixed
Sign in to add a comment