Flash Player的安全和隐私设置

On 2010年09月8日, in tips, by netoearth

System administrators and security experts have addressed two problems with the online availability of the settings manager. Attackers can for instance fake certificates to make changes to the settings. Another problem is that it is not possible to make changes for all users of a system.

It is a well kept secret that Adobe Flash Player can be configured globally. Administrators and users who want to do that need to create the file mms.cfg. This file needs to be stored in the following directories to be accessed by the Flash Player:

  • Windows: %Windir%\System32\Macromed\Flash
  • Macintosh: /Library/Application Support/Macromedia
  • Linux: /etc/adobe/

The following parameters are supported by the configuration file:

  • AllowUserLocalTrust Lets you prevent users from designating any files on local file systems as trusted.
  • AssetCacheSize Lets you specify a hard limit, in MB, on the amount of local storage that Flash Player uses for the storage of common Flash components.
  • AutoUpdateDisable Lets you prevent Flash Player from automatically checking for and installing updated versions.
  • AutoUpdateInterval Lets you specify how often to check for an updated version of Flash Player.
  • AVHardwareDisable Lets you prevent SWF files from accessing webcams or microphones.
  • DisableDeviceFontEnumeration Lets you prevent information on installed fonts from being displayed.
  • DisableNetworkAndFilesystemInHostApp Lets you prevent networking or file system access of any kind.
  • DisableProductDownload Lets you prevent native code applications that are digitally signed and delivered by Adobe from being downloaded.
  • DisableSockets Lets you enable or disable the use of the Socket.connect() and XMLSocket.connect() methods.
  • EnableSocketsTo Lets you create a whitelist of servers to which socket connections are allowed.
  • EnforceLocalSecurityInActiveXHostApp Lets you enforce local security rules for a specified application.
  • FileDownloadDisable Lets you prevent the ActionScript FileReference API from performing file downloads.
  • FileUploadDisable Lets you prevent the ActionScript FileReference API from performing file uploads.
  • FullScreenDisable Lets you disable SWF files playing via a browser plug-in from being displayed in full-screen mode.
  • LegacyDomainMatching Lets you specify whether SWF files produced for Flash Player 6 and earlier can execute an operation that has been restricted in a newer version of Flash Player.
  • LocalFileLegacyAction Lets you specify how Flash Player determines whether to execute certain local SWF files that were originally produced for Flash Player 7 and earlier.
  • LocalFileReadDisable Lets you prevent local SWF files from having read access to files on local hard drives.
  • LocalStorageLimit Lets you specify a hard limit on the amount of local storage that Flash Player uses (per domain) for persistent shared objects.
  • OverrideGPUValidation Overrides validation of the requirements needed to implement GPU compositing.
  • ProductDisabled Creates a list of ProductManager applications that users are not permitted to install or launch.
  • RTMFPP2PDisable Specifies how the NetStream constructor connects to a server when a value is specified for peerID, the second parameter passed to the constructor.
  • RTMFPTURNProxy Lets Flash Player make RTMFP connections through the specified TURN server in addition to normal UDP sockets.
  • ThirdPartyStorage Lets you specify whether third-party SWF files can read and write locally persistent shared objects.
  • Most options can be set to 0 = false or 1 = true. A basic example is the command AVHardwareDisable = 1, which blocks SWF file access to webcams and microphones. A value of 0 allows the user to configure the setting in the Settings Manager.

    Privacy Parameters:

    AVHardwareDisable = [0,1]
    DisableDeviceFontEnumeration = [0,1]

    Defines if SWF files can pull the list of installed fonts from the computer system. Setting it to 1 means they cannot do that, while 0 means the information can be returned.

    User Interface Parameters:

    FullScreenDisable = [0,1]

    Defines if a SWF file can be displayed in full screen mode. A value of 1 prevents that, while 0 allows it.

    Data loading and storage options:

    LocalFileReadDisable = [0,1]

    A value of 1 prevents local SWF files from having read access to files on the local hard drive which means local SWF files cannot run. Remote SWF are unable to upload or download files.

    FileDownloadDisable = [0,1]

    Setting the parameter to 1 disables downloads of files, while 0 allows it.

    FileUploadDisable = [0,1]

    The same as FileDownloadDisable, with the difference that it blocks or allows file uploads.

    LocalStorageLimit = [1,2,3,4,5,6]

    This sets the limit of local storage the Flash player can allocate per domain. (1=no storage, 2=10KB, 3=100KB, 4=1MB, 5=10MB, 6=no limit]

    ThirdPartyStorage = [0,1]

    If this value is set to 1, third-party SWF files (those that originate from a different domain than the current one) can read and write locally persistent shared objects. If this value is set to 0, third-party SWF files cannot read or write locally persistent shared objects.

    AssetCacheSize = [ 0, number of Megabytes]

    This value specifies a hard limit, in MB, on the amount of local storage that Flash Player uses for the storage of common Flash components. If this option is not included in the mms.cfg file, the Settings Manager lets the user specify whether to permit component storage. However, the user can’t specify how much local storage space to use. The default limit is 20 MB.

    Update Options:

    AutoUpdateDisable = [0,1]

    If set to 1, Flash Player disables auto-update. This prevents Flash Player from checking periodically for updated versions. If set to 1, the following parameters are ignored.

    AutoUpdateInterval = [number of days]

    Defines the interval in which Flash Player checks for new versions. The default value is 30 days.

    DisableProductDownload = [0,1]

    If this value is set to 0 (the default), Flash Player can install native code applications that are digitally signed and delivered by Adobe. Adobe uses this capability to deliver Flash Player updates through the developer-initiated Express Install process, and to deliver the Adobe Acrobat Connect screen-sharing functionality. If this value is set to 1, these capabilities are disabled.

    ProductDisabled = application name

    TThis option is effective only when DisableProductDownload has a value of 0 or is not present in the mms.cfg file; it creates a list of ProductManager applications that users are not permitted to install or launch.

    Security Options:

    LegacyDomainMatching = [0,1]

    This setting controls whether to allow a SWF file produced for Flash Player 6 and earlier to execute an operation that has been restricted in a newer version of Flash Player.

    LocalFileLegacyAction = [0,1]

    This setting controls how Flash Player determines whether to execute certain local SWF files that were originally produced for Flash Player 7 and earlier.

    AllowUserLocalTrust = [0,1]

    This setting lets you prevent users from designating any files on local file systems as trusted (that is, placing them into the local-trusted sandbox). This setting applies to SWF files published for any version of Flash.

    EnforceLocalSecurityInActiveXHostApp = executable filename

    By default, local security is disabled whenever the ActiveX control is running in a non-browser host application. In rare cases when this causes a problem, you can use this setting to enforce local security rules for the specified application. You can enforce local security for multiple applications by entering a separate EnforceLocalSecurityInActiveXHostApp entry for each application.

    DisableNetworkAndFilesystemInHostApp = executable filename

    This option is similar to EnforceLocalSecurityInActiveXHostApp, but applies to plug-ins as well as the ActiveX control, and imposes stricter security controls. When a plug-in or ActiveX control is running within an application specified, it will be as though the HTML parameter allowNetworking=”none” had been specified. That is, no networking or file system access of any kind will be permitted, and the SWF running in the Flash Player will run without the ability to load any additional media or communicate with any servers. You can enforce local security for multiple applications by entering a separate

    Socket connection options

    DisableSockets = [0,1]

    This option enables or disables the use of the Socket.connect() and
    XMLSocket.connect() methods. If you don’t include this option in the mms.cfg file, or if its value is set to 0, socket connections are permitted to any server. If this value is set to 1, no socket connections are allowed. However, if you want to disable some but not all socket connections, set this value to 1 and then use EnableSocketsTo to specify one or more servers to which socket connections can be made.

    EnableSocketsto = [host name, IP address]

    This option is effective only when DisableSockets has a value of 1; it creates a whitelist of servers to which socket connections are allowed. Unlike most other mms.cfg options, you can use this option as many times as is appropriate for your environment. Note that the servers specified are target servers, to which socket connections are made; they are not origin servers, from which the connecting SWF files are served.

    GPU Compositing:

    OverrideGPUValidation = [ 0, 1 ]

    The GPU compositing feature is gated by the driver version for video cards. If a card and driver combination does not match the requirements needed to implement compositing, set OverrideGPUValidation to 1 to override validation of the driver requirements. For example, you might want GPU compositing enabled during a specific test suite, even if the video driver in the test machine doesn’t meet compositing requirements. This setting overrides driver version gating but still checks for VRAM requirements.

    RTMFP options:

    RTMFPP2PDisable = [ 0, 1 ]

    This option specifies how the NetStream constructor connects to a server when a value is specified for peerID, the second parameter passed to the constructor. If RTMFPP2PDisable has a value of 0 or is not present in the mms.cfg file, a peer-to-peer (P2P) connection can be used. If this value is 1, any value specified for peerID is ignored and P2P connections are d

    RTMFPTURNProxy = URL of TURN proxy server

    If this option is present, Flash Player attempts to make RTMFP connections through the specified TURN server in addition to normal UDP sockets. TURN Servers are useful for conveying RTMFP network traffic through firewalls that otherwise block UDP packets.

    Additional information:

    flash player 10.0 admin guide
    Adobe Flash Player 10 Admin Guide website.
    mms Config Example
    Recent Man in the middle Vulnerability [German]

    The config is a basic example file, which disables update checks, hardware and font enumeration. (thanks go to Hubert for sending in the tip).

    Comments are closed.