Mar 14, 2011, 2:06:53 PM (9 years ago)

rephrase the considerations about path handling in filenames (Stewart Bryant's DISCUSS)

1 edited


  • draft-ietf-httpbis-content-disp/latest/draft-ietf-httpbis-content-disp.html

    r1187 r1188  
    633633      <ul>
    634634         <li>
    635             <p>When the value contains path separator characters ("\" or "/"), recipients <em class="bcp14">SHOULD</em> ignore all but the last path segment (the actual filename). This prevents overwriting of well-known file system locations
    636                (such as "/etc/passwd").
     635            <p>Recipients <em class="bcp14">MUST NOT</em> be able to write into any location other than one to which they are specifically entitled. To illustrate the problem consider
     636               the consequences of being able to overwrite well-known system locations (such as "/etc/passwd"). One strategy to achieve this
     637               is to never trust folder name information in the filename parameter, for instance by stripping all but the last path segment
     638               and only consider the actual filename (where 'path segment' are the components of the field value delimited by the path separator
     639               characters "\" and "/").
    637640            </p>
    638641         </li>
    718721      <h1 id="rfc.section.9"><a href="#rfc.section.9">9.</a>&nbsp;Acknowledgements
    719722      </h1>
    720       <p id="rfc.section.9.p.1">Thanks to Adam Barth, Rolf Eike Beer, Bjoern Hoehrmann, Alfred Hoenes, Roar Lauritzsen, Henrik Nordstrom, and Mark Nottingham
    721          for their valuable feedback.
     723      <p id="rfc.section.9.p.1">Thanks to Adam Barth, Stewart Bryant, Rolf Eike Beer, Bjoern Hoehrmann, Alfred Hoenes, Roar Lauritzsen, Henrik Nordstrom,
     724         and Mark Nottingham for their valuable feedback.
    722725      </p>
    723726      <h1 id="rfc.references"><a id="rfc.section.10" href="#rfc.section.10">10.</a> References
    10261029      </ul>
    10271030      <h2 id="rfc.section.E.12"><a href="#rfc.section.E.12">E.12</a>&nbsp;<a id="changes.since.07" href="#changes.since.07">Since draft-ietf-httpbis-content-disp-07</a></h2>
    1028       <p id="rfc.section.E.12.p.1">Clarify that by "last path segment" we mean the actual filename.</p>
     1031      <p id="rfc.section.E.12.p.1">Rephrase the requirement about well-known file system locations, and also clarify that by "last path segment" we mean the
     1032         actual filename.
     1033      </p>
    10291034      <h1 id="rfc.index"><a href="#rfc.index">Index</a></h1>
    10301035      <p class="noprint"><a href="#rfc.index.C">C</a> <a href="#rfc.index.H">H</a> <a href="#rfc.index.I">I</a> <a href="#rfc.index.R">R</a>
Note: See TracChangeset for help on using the changeset viewer.