“Posh” URIs

I’m now in the middle of another lunatic experiment using Powershell. This time I have entered a few registry values to associate the URI schema "posh" with one of my Powershell scripts. Whenever a "posh" URI is invoked on my machine that script receives the URI as its first argument.
At this point I believe that I have the process of getting the URI to the script wrapped up fairly well. There shouldn’t be any passibility of code injection without being able to alter my registry or the script that ultimately receives the URI, and if someone did manage to pull that off then simple code injection would be the least of my worries. Getting past the issue of safely transporting the URI to the script I can only think of a single caveat: I don’t have any way to know for sure where the URI came from. Since I don’t know where a URI comes from then I don’t know if the source of the URI is authorized to be able commit any actions that are associated with the URI.
My solution to that caveat is simple, it allows me to know what generated the URI, it allows me to keep the identity of the object that created the URI to remain anonymous, and, since I know what generated the URI, I can be fairly certain about where the URI invocation is coming from.
The idea is to invoke some script on demand and have it generate a new GUID. The script would then generate a series of URIs using the new GUID. (e.g. posh:4fdcd7f0-7b1c-4c82-979e-7d0fa2b4bb0f:args) Then, the script would store those URIs somewhere they would be of use, like in an html file. Finally, the script would register the GUID, a scriptlet that would handle URI invocations with that GUID, and a DateTime of when the GUID should expire. In the case of generating an html file the script may invoke the html file before completion.
When the scriptlet that is associated with the GUID is invoked, it can be certain that the URI in someway come from where ever the original script stored the URIs. What is not certain is whether or not the URIs have been copied away or if the arguments were modified by someone unauthorized. If the arguments need to be protected then they too could be made anonymous by the use of GUIDs. (e.g. posh:4fdcd7f0-7b1c-4c82-979e-7d0fa2b4bb0f:20075295-9b78-47da-8ccf-3320db848ccf)
The only thing that remains is that valid posh URIs could still be copied from a location where its use is valid to a location where its use would be invalid. The only prevention against this is the expiration date on the GUIDs and the extreme improbability that a GUID may be invoked in an unauthorized manner before the GUID expires.
There may also be some use of permanent named scriptlets. In an intranet setting links could be placed on a company web site that  invoke scriptlets that invoke local applications relevant to that page, and administrators would be able to easily add the necessary registration information to all machines on the network. Web sites like the script repository could release scripts that help with the download and resigning of scripts from the repository; the script would be associated with some posh URI and the script repository could place special links near each script displayed.
This may not be a big deal to everyone but this makes it easier to do more advanced local system management using a simple web interface.

~ by lunaticexperimentalist on September 22, 2008.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: