Changeset 1188


Ignore:
Timestamp:
Mar 14, 2011, 2:06:53 PM (8 years ago)
Author:
julian.reschke@…
Message:

rephrase the considerations about path handling in filenames (Stewart Bryant's DISCUSS)

Location:
draft-ietf-httpbis-content-disp/latest
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • draft-ietf-httpbis-content-disp/latest/draft-ietf-httpbis-content-disp.html

    r1187 r1188  
    633633      <ul>
    634634         <li>
    635             <p>When the value contains path separator characters ("\" or "/"), recipients <em class="bcp14">SHOULD</em> ignore all but the last path segment (the actual filename). This prevents overwriting of well-known file system locations
    636                (such as "/etc/passwd").
     635            <p>Recipients <em class="bcp14">MUST NOT</em> be able to write into any location other than one to which they are specifically entitled. To illustrate the problem consider
     636               the consequences of being able to overwrite well-known system locations (such as "/etc/passwd"). One strategy to achieve this
     637               is to never trust folder name information in the filename parameter, for instance by stripping all but the last path segment
     638               and only consider the actual filename (where 'path segment' are the components of the field value delimited by the path separator
     639               characters "\" and "/").
    637640            </p>
    638641         </li>
     
    718721      <h1 id="rfc.section.9"><a href="#rfc.section.9">9.</a>&nbsp;Acknowledgements
    719722      </h1>
    720       <p id="rfc.section.9.p.1">Thanks to Adam Barth, Rolf Eike Beer, Bjoern Hoehrmann, Alfred Hoenes, Roar Lauritzsen, Henrik Nordstrom, and Mark Nottingham
    721          for their valuable feedback.
     723      <p id="rfc.section.9.p.1">Thanks to Adam Barth, Stewart Bryant, Rolf Eike Beer, Bjoern Hoehrmann, Alfred Hoenes, Roar Lauritzsen, Henrik Nordstrom,
     724         and Mark Nottingham for their valuable feedback.
    722725      </p>
    723726      <h1 id="rfc.references"><a id="rfc.section.10" href="#rfc.section.10">10.</a> References
     
    10261029      </ul>
    10271030      <h2 id="rfc.section.E.12"><a href="#rfc.section.E.12">E.12</a>&nbsp;<a id="changes.since.07" href="#changes.since.07">Since draft-ietf-httpbis-content-disp-07</a></h2>
    1028       <p id="rfc.section.E.12.p.1">Clarify that by "last path segment" we mean the actual filename.</p>
     1031      <p id="rfc.section.E.12.p.1">Rephrase the requirement about well-known file system locations, and also clarify that by "last path segment" we mean the
     1032         actual filename.
     1033      </p>
    10291034      <h1 id="rfc.index"><a href="#rfc.index">Index</a></h1>
    10301035      <p class="noprint"><a href="#rfc.index.C">C</a> <a href="#rfc.index.H">H</a> <a href="#rfc.index.I">I</a> <a href="#rfc.index.R">R</a>
  • draft-ietf-httpbis-content-disp/latest/draft-ietf-httpbis-content-disp.xml

    r1187 r1188  
    252252  <list style="symbols">
    253253    <x:lt><t>
    254       When the value contains path separator characters ("\" or "/"),
    255       recipients &SHOULD; ignore all but the last path segment (the actual
    256       filename). This prevents overwriting of well-known file system locations
    257       (such as "/etc/passwd").
     254      Recipients &MUST-NOT; be able to write into any location other than one
     255      to which they are specifically entitled. To illustrate the problem
     256      consider the consequences of being able to overwrite well-known system
     257      locations (such as "/etc/passwd"). One strategy to achieve this is to
     258      never trust folder name information in the filename parameter, for
     259      instance by stripping all but the last path segment and only consider the
     260      actual filename (where 'path segment' are the components of the field
     261      value delimited by the path separator characters "\" and "/").
    258262    </t></x:lt>
    259263    <x:lt><t>
     
    416420<section title="Acknowledgements">
    417421<t>
    418   Thanks to Adam Barth, Rolf Eike Beer, Bjoern Hoehrmann, Alfred Hoenes, Roar Lauritzsen,
    419   Henrik Nordstrom, and Mark Nottingham for their valuable feedback.
     422  Thanks to Adam Barth, Stewart Bryant, Rolf Eike Beer, Bjoern Hoehrmann,
     423  Alfred Hoenes, Roar Lauritzsen, Henrik Nordstrom, and Mark Nottingham for
     424  their valuable feedback.
    420425</t>
    421426</section> 
     
    10531058<section title="Since draft-ietf-httpbis-content-disp-07" anchor="changes.since.07">
    10541059<t>
    1055   Clarify that by "last path segment" we mean the actual filename.
     1060  Rephrase the requirement about well-known file system locations, and also
     1061  clarify that by "last path segment" we mean the actual filename.
    10561062</t>
    10571063</section>
Note: See TracChangeset for help on using the changeset viewer.