FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 06-10-2011, 08:24 PM
 
Default Configuring Iceweasel security policies.

After reading http://kb.mozillazine.org/Security_Policies
add these four lines to dalton:/etc/iceweasel/pref/iceweasel.js .

// Allow my file URI to be opened.
user_pref("capability.policy.policynames", "localfilelinks");
user_pref("capability.policy.localfilelinks.checkl oaduri.enabled", "allAccess");
user_pref("capability.policy.localfilelinks.sites" , "http://peter@members.shaw.ca:80");

# From: Scott Ferguson <prettyfly.productions@gmail.com>
# Date: Fri, 10 Jun 2011 17:31:08 +1000
> Soft links'll work fine.

OK, dalton:/Category2.html is now a soft link to /home/peter/Category2.html.

At dalton open
http://members.shaw.ca/peasthope/#Links
and click on the link file:///Category2.html .

This message comes to the Iceweasel error console.
Security Error: Content at http://members.shaw.ca/peasthope/#Links may not load or link to file:///Category2.html.

Appears that the instructions for the Mozilla security policies are for the case
where both the file URI link comes from the same machine as the browser runs on.

Any better ideas to configure for my case where the file URI link is in
members.shaw.ca/peasthope and the browser is on dalton?

Thanks, ... Peter E.

--
Telephone 1 360 450 2132. bcc: peasthope at shaw.ca
Shop pages http://carnot.yi.org/ accessible as long as the old drives survive.
Personal pages http://members.shaw.ca/peasthope/ .


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 171057034.50720.43927@cantor.invalid">http://lists.debian.org/171057034.50720.43927@cantor.invalid
 
Old 06-10-2011, 08:38 PM
 
Default Configuring Iceweasel security policies.

From: peasthope@shaw.ca
Date: Fri, 10 Jun 2011 12:24:32 -0800
> Appears that the instructions for the Mozilla security policies are for the case
> where both the file URI link comes from the same machine as the browser runs on.

That was garbled. This might make more sense.

Are the instructions for the Mozilla security policies for the case where the
page containing the file URI link and the page targeted are on the same machine?

Any better ideas to configure for my case where the file URI link is in
members.shaw.ca/peasthope and the target page and browser are on dalton?

Thanks, ... Peter E.


--
Telephone 1 360 450 2132. bcc: peasthope at shaw.ca
Shop pages http://carnot.yi.org/ accessible as long as the old drives survive.
Personal pages http://members.shaw.ca/peasthope/ .


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 171057034.51641.43928@cantor.invalid">http://lists.debian.org/171057034.51641.43928@cantor.invalid
 
Old 06-11-2011, 11:11 AM
Camaleón
 
Default Configuring Iceweasel security policies.

On Fri, 10 Jun 2011 12:24:32 -0800, peasthope wrote:

> After reading http://kb.mozillazine.org/Security_Policies add these four
> lines to dalton:/etc/iceweasel/pref/iceweasel.js .

(...)

> This message comes to the Iceweasel error console. Security Error:
> Content at http://members.shaw.ca/peasthope/#Links may not load or link
> to file:///Category2.html.

(...)

Check if this helps:

***
http://www-archive.mozilla.org/releases/mozilla1.7.12/known-issues.html#psm

For security reasons, Mozilla does not allow web content to link to local
files. An error like:Security Error: Content at url may not load or link
to file:///something will appear in the javascript console. If you need
to follow links to local paths it is recommended that you drag the link
to the location bar and then drop it on the webpage. If you really don't
like the security check and are willing to risk all files on your system
and that your system can access then you may add the following line to
user.js in your personal profile directory. user_pref
("security.checkloaduri", false); (Bug 84128)
***

I mean, the part where it says how to disable the security check (I hope
you really know what you are doing here...).

Greetings,

--
Camaleón


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: pan.2011.06.11.11.11.29@gmail.com">http://lists.debian.org/pan.2011.06.11.11.11.29@gmail.com
 
Old 06-11-2011, 01:23 PM
Scott Ferguson
 
Default Configuring Iceweasel security policies.

On 11/06/11 06:24, peasthope@shaw.ca wrote:
> After reading http://kb.mozillazine.org/Security_Policies
> add these four lines to dalton:/etc/iceweasel/pref/iceweasel.js .
>
> // Allow my file URI to be opened.
> user_pref("capability.policy.policynames", "localfilelinks");
> user_pref("capability.policy.localfilelinks.checkl oaduri.enabled", "allAccess");
> user_pref("capability.policy.localfilelinks.sites" , "http://peter@members.shaw.ca:80");

Now that's confusing me too! I've never had to modify anything to get a
web browser to load local files.... or to load links from local files
either to local links or online links.

>
> # From: Scott Ferguson <prettyfly.productions@gmail.com>
> # Date: Fri, 10 Jun 2011 17:31:08 +1000
>> Soft links'll work fine.
>
> OK, dalton:/Category2.html is now a soft link to /home/peter/Category2.html.
>
> At dalton open
> http://members.shaw.ca/peasthope/#Links
> and click on the link file:///Category2.html .

I don't think that will work - for it to work *I* would have to have a
file called Category2.html in my / directory....


(mea culpa) As usual I've explained myself poorly.
Judging from the apache modules:-

members.shaw.ca gives you an account for peasthope - in your home
directory is a directory called public_html which is the root of webserver.
eg. /home/peasthope/public_html
You are probably free to create other directories beneath your home
eg. /home/peasthope/stuff
You have something you'd like to link to from webpage - the webpage
lives somewhere in public_html.
eg. /home/peasthope/public_html/index.html
Normally I would only serve files that live beneath public_html, and I
would/do use additional directories to make content management easier
(with static sites), using .htaccess files in each directory to control
what can be accessed.
Occasionally I might put some files in /home/peasthope/stuff and
soft-link them into public_html, just temporarily for testing purposes.
In your case you might be able to use that technique. You should then be
able to use LDAP to access the files in /home/peasthope/stuff - as long
as you don't change the name of the files, the soft-links will continue
to work as you change files.

Probably best if I reread your posts tomorrow when I'm less distracted -
I'm not sure I fully understand what you require.

>
> This message comes to the Iceweasel error console.
> Security Error: Content at http://members.shaw.ca/peasthope/#Links may not load or link to file:///Category2.html.
>
> Appears that the instructions for the Mozilla security policies are for the case
> where both the file URI link comes from the same machine as the browser runs on.
>
> Any better ideas to configure for my case where the file URI link is in
> members.shaw.ca/peasthope and the browser is on dalton?

You can't. That I know of. The link cannot be relative. I can't think of
how to use an absolute link across your network (firewall, network
protocols etc).

Need. more. coffee. will read the referenced mozillazine...

>
> Thanks, ... Peter E.
>

Cheers


--
Tuttle? His name's Buttle.
There must be some mistake.
Mistake? [Chuckles]
We don't make mistakes.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 4DF36C52.1050505@gmail.com">http://lists.debian.org/4DF36C52.1050505@gmail.com
 
Old 06-11-2011, 03:14 PM
Scott Ferguson
 
Default Configuring Iceweasel security policies.

On 11/06/11 06:38, peasthope@shaw.ca wrote:
> From: peasthope@shaw.ca
> Date: Fri, 10 Jun 2011 12:24:32 -0800
>> Appears that the instructions for the Mozilla security policies are for the case
>> where both the file URI link comes from the same machine as the browser runs on.
>
> That was garbled. This might make more sense.
>
> Are the instructions for the Mozilla security policies for the case where the
> page containing the file URI link and the page targeted are on the same machine?
>
> Any better ideas to configure for my case where the file URI link is in
> members.shaw.ca/peasthope and the target page and browser are on dalton?
>
> Thanks, ... Peter E.
>
>
I'll have a think about that and try and get back to you tomorrow night.

http://peter@members.shaw.ca/ (from your policy in the last post)
A login on a site with no authentication??

Cheers

--
Tuttle? His name's Buttle.
There must be some mistake.
Mistake? [Chuckles]
We don't make mistakes.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 4DF3865C.3090305@gmail.com">http://lists.debian.org/4DF3865C.3090305@gmail.com
 
Old 06-12-2011, 10:20 AM
Scott Ferguson
 
Default Configuring Iceweasel security policies.

On 12/06/11 12:05, peasthope@shaw.ca wrote:
> * From: Scott Ferguson <prettyfly.productions@gmail.com>
> * Date: Sat, 11 Jun 2011 23:23:30 +1000
<snipped>
> Here is my explanation again, step by step.
> * I sit in front of the console of dalton.
> * Using Iceweasel in Squeeze, open this. "http://members.shaw.ca/peasthope/#Links"
> It's public. Have a look.
> * There I see the link with anchor file:///Category2.html and target the same.
> * Click on that anchor. I expect dalton:/home/peter/Category2.html
> open but nothing happens except for the message to the Iceweasel
> error console. Ref. earlier message. Is there a syntax such as
> dalton.invalid:file:///Category2.html ?

Yes.

> * Save the page "http://members.shaw.ca/peasthope/" onto storage of Dalton.
> * Open that page on Dalton.
> * Now in this image from the local copy, click on the anchor file:///Category2.html.
> * Now Category2.html opens.
>
<snipped>
>
> The steps above demonstrate that the link from dalton:/Category2.html
> to dalton:/home/peter/Category2.html works.


Stepping through what you've described above...

You are on a Dalton console.
If you are *not* running as root (and why would you be?)

~$ pwd
~$ /home/peter

You saved the page to "storage of Dalton".... presumably "storage" is
somewhere below /home/peter....

eg.:-
home/peter/"Peter Lyall Easthope.html"

That page contains a link:-
[a href="file:///Category2.html"]file:///Category2.html[/a>]

That link points to Category2.html
ie.:-
~$ mlocate Category2.html (would give based on the info given...)
~$ /home/peter/Category2.html

You then say that the link works (I don't disbelieve you)- but that link
is pointing at the root of Dalton, not the root of Peters home directory....
So "something" I'm assuming in the above scenario is not correct.

Just to clarify:-
When you click on a http link in a html page the link is "relative" to
the web server. If the server is a webserver (eg. Apache) the root is
(generally) /var/www. The module running on the apache server at
member.shaw.ca means a virtual server for each user has it's root in the
users home directory
eg.
/home/peter (unlikely as you have config files there)
OR
/home/peter/public_html (more likely as now only files used by the web
server are in the root of the web server).

You shouldn't be able to save "Peter Lyall Easthope.html" to anywhere
above your home directory - and yet the file link in it will always
point to the root of Dalton. This is because an absolute file link in a
local (same machine) .html file always has the base of it's path as the
/ of that local machine (where localhost is).

ie doesn't matter whether "Peter Lyall Easthope.html" lives at:-
/"Peter Lyall Easthope.html"
/etc/"Peter Lyall Easthope.html"
/var/log/apt/"Peter Lyall Easthope.html"
OR even /home/peter/"Peter Lyall Easthope.html"

The link file:///Category2.html will always point to
/"Peter Lyall Easthope.html"

Because the browser replaces "file" with localhost, which renders the
URI /"Peter Lyall Easthope.html" (damn absolute links!)

I'm sure, somewhere in all these threads you've explained what Dalton is
running, but I'm a little confused with talk of Oberon and vnc
connections to Iceweasel running on other machines. When I refer to
localhost I mean the machine that hosts Iceweasel. I'm also assuming
that Iceweasel is not running as root, and that the directory that you
save "Peter Lyall Easthope.html" into is mounted on the same machine as
the file Category2.html.

Please correct my misunderstanding.

>
<snipped - can come back to this later if necessary, just trying to rein
in some of the digression>

>> http://peter@members.shaw.ca/ (from your policy in the last post)
>> A login on a site with no authentication??
>
> Authentication is not necessary to look at a public Web page.

Agreed - *but* http://peter@members.shaw.ca/ is asking the browser to
login to members.shaw.ca.....
And the server on shaw.ca says "I'm sorry Dave but...." :-D
So what the browser is actually served is members.shaw.ca....
eg.:-
http://peter@members.shaw.ca/ == http://members.shaw.ca/

Which seems like a waste of 6 characters ;-p


>
> Regards, ... Peter E.
>
>


Cheers, and thanks for your patience.

--
It's just a ride and we can change it any time we want.
It's only a choice.
No effort, no work, no job, no savings and money, a choice, right now,
between fear and love.
The eyes of fear want you to put bigger locks on your door, buy guns,
close yourself off.
The eyes of love instead see all of us as one.
~ Bill Hicks


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 4DF492E1.5090503@gmail.com">http://lists.debian.org/4DF492E1.5090503@gmail.com
 

Thread Tools




All times are GMT. The time now is 08:12 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org