damn it doesn't work :(
@hypolite why can that be linked? if its only a local link what could it hurt?
@hypolite could you explain how that works because I’m a little uncertain what the attack vector would actually be
@hypolite Browsers are not allowed to edit actual filesystem links, and relative paths will only open those files locally
@hypolite also, since the browser is not running as Root you would be prompted to enter your password if it was a file that could hurt your operating system I would think
Attacker wants access to one of your files.
Sends you an hypertext link with the expected relative path of the file on your filesystem.
You click on the link, it opens the file, not necessarily for editing.
You provide the content of the file, possibly unaware of the consequences.
@hypolite I don’t think not autolinking mitigates the issue at all, because I’m pretty sure you can just run it through a url shorter & it would look even more normal.
ill give you an example of how it would be useful, lets say a bunch of folks are talking about a config file on the version of linux they are running. and you paste the link to that local file so everyone can quickly access it. You click the link and firefox pops up a dialog saying “what would you like to use to open said file?”
@hypolite not at all. Maybe I wasn’t clear. If everyone is on the same type of system and they are editing the same file on their own systems, that is what I would find useful.
@hypolite check yourself
@hypolite it should have been file:///home/wakest/.config/i3/config which was the file I was actually editing when I thought about this in the first place...
the personal instance of Liaizon Wakest