Posted to dev@avalon.apache.org by Anton Tagunov <at...@mail.cnt.ru> on 2003/06/01 10:36:28 UTC

[Fortress] [Security] URLSourceFactory --> FileSourceFactory

Hello, All!
Hello, Berin!

I've noticed that the following change would probably increase
security of most Fortress installations:

--- ContextManager.orig 2003-05-30 12:56:23.000000000 +0400
+++ ContextManager.java 2003-06-01 12:27:58.000000000 +0400
@@ -84,9 +84,10 @@
 import org.apache.excalibur.mpool.PoolManager;
 import org.apache.excalibur.source.Source;
 import org.apache.excalibur.source.SourceResolver;
+import org.apache.excalibur.source.SourceFactory;
 import org.apache.excalibur.source.impl.ResourceSourceFactory;
 import org.apache.excalibur.source.impl.SourceResolverImpl;
-import org.apache.excalibur.source.impl.URLSourceFactory;
+import org.apache.excalibur.source.impl.FileSourceFactory;
 import org.apache.log.Hierarchy;
 import org.apache.log.Priority;
 
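Review bot: the added `import org.apache.excalibur.source.SourceFactory;` is placed after `SourceResolver`, and `FileSourceFactory` takes the slot `URLSourceFactory` had after `SourceResolverImpl`, so both break the alphabetical order the surrounding imports follow. Move `SourceFactory` between `Source` and `SourceResolver`, and `FileSourceFactory` above `ResourceSourceFactory`.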
@@ -652,14 +653,14 @@
     {
         final DefaultServiceManager manager = new DefaultServiceManager();
         final DefaultServiceSelector selector = new DefaultServiceSelector();
-        final URLSourceFactory file = new URLSourceFactory();
-        file.enableLogging( getLogger() );
-        selector.put( "*", file );
+        final FileSourceFactory file = new FileSourceFactory();
+        ContainerUtil.enableLogging( file, getLogger() );
+        selector.put( "file", file );
         final ResourceSourceFactory resource = new ResourceSourceFactory();
-        resource.enableLogging( getLogger() );
+        ContainerUtil.enableLogging( resource, getLogger() );
         selector.put( "resource", resource );
 
-        manager.put( ResourceSourceFactory.ROLE + "Selector", selector );
+        manager.put( SourceFactory.ROLE + "Selector", selector );
 
         final SourceResolverImpl resolver = new SourceResolverImpl();
         ContainerUtil.enableLogging( resolver, getLogger() );
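Review bot: at `selector.put( "file", file )` the `"*"` key is dropped and nothing replaces it, so the selector now holds only `file` and `resource`, and the hunk does not show what `SourceResolverImpl` does with a location whose scheme has no entry or with a scheme-less relative path. Please confirm that both cases fail with a clear error, and document the behaviour change (http and other URL schemes no longer resolve by default) in the class Javadoc or release notes so that applications relying on it know to register their own factory. A smaller point on the same lines: if `FileSourceFactory` is not log-enabled, `ContainerUtil.enableLogging( file, getLogger() )` has no effect and the line can simply be removed.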

The main thing that drives this change is of course changing
URLSourceFactory for a FileSourceFactory.

Can't tell exactly how URLSourceFactory being configured without
an explicit request from user could be exploited,
but I believe that users (developers) should have _strict_
control over their applications being able to make
requests over the internet or not (for instance, sensitive information
may be packed into the url). Also, making requests over the network
is time consuming, takes the bandwidth that probably shouldn't be
wasted (imagine a slow, narrow connection to the internet) and sending
a request anywhere exposes your network address to the routers.

(I personally get a certain amount of warnings from my personal firewall
when I work with Internet from home, these requests try to open some
ports I do not understand, but probably these guys are searching
some weak points in my defenses :-) How do they know my address?
One answer might be they are trying all IPs from the pool of my
provider, but another might be that they grab my IP from some
routers my requests traverse.)

In short I believe that users who want to grab something from the
internet via sourceresolver should explicitly configure a
sourceresolver in their applications. And the default setup
should be limited to file: and resource:

Thoughts?

- Anton

P.S.

BTW I have seen this code many times, I have even moved it
from one place in the ContextManager to another, but all the way
through my eye was caught by the name of the local variable -- "file"
and I was 100% sure that the default sourceresolver was configured
to resolve only for "file" and "resource" and never for "http" and so
on, which seemed pretty secure to me.

And only when I started copying this code in my own
application (yes, I need that), I noticed that it was an
URLResourceFactory, not FileSourceFactory, so I found myself
quite misled!

P.P.S.

Other changes:

Couldn't stop myself from correcting one more point that scratched my
eye on the code - ResourceSourceFactory.ROLE -> SourceFactory.ROLE

Move from <var>.enableLogging() to ContainerUtil.enableLogging( <var> )
was done because FileSourceFactory does not really implement loggable,
but to keep the code consistent.. To me it really makes little
difference, I even might be for just dropping the line
file.enableLogging() rather than replacing it with
ContainerUtil.enableLogging(), just does not matter, I think.
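
The effect of replacing the `"*"` registration with explicit `file` and `resource` entries, as an added example that is not part of the original message or of the Fortress/Excalibur code. `Selector` is a hypothetical stand-in class; the `"*"` catch-all lookup and the rule that a scheme-less location means a local file are assumptions, and the sample locations are constructed.

```java
import java.net.URI;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.function.Function;
// Added illustration: hypothetical stand-in classes, not the Excalibur API.
public class SchemeSelectorDemo {
    // Scheme-keyed lookup. Assumption: "*" is a catch-all, used only if registered.
    static final class Selector {
        private final Map<String, Function<URI, String>> factories = new HashMap<>();
        void put(String scheme, Function<URI, String> factory) { factories.put(scheme, factory); }
        String resolve(String location) {
            URI uri = URI.create(location);
            // Assumption: a location without a scheme is treated as a local file.
            String scheme = uri.getScheme() == null ? "file" : uri.getScheme().toLowerCase(Locale.ROOT);
            Function<URI, String> factory = factories.getOrDefault(scheme, factories.get("*"));
            if (factory == null) {
                return "REJECTED: no factory registered for scheme '" + scheme + "'";
            }
            return factory.apply(uri);
        }
    }

    // Mirrors the removed lines: one URL-capable factory registered under "*".
    static Selector wildcardSetup() {
        Selector s = new Selector();
        s.put("*", uri -> "URL factory, may open a connection: " + uri);
        s.put("resource", uri -> "classpath lookup: " + uri.getSchemeSpecificPart());
        return s;
    }

    // Mirrors the added lines: only "file" and "resource" are registered.
    static Selector strictSetup() {
        Selector s = new Selector();
        s.put("file", uri -> "local file: " + uri.getPath());
        s.put("resource", uri -> "classpath lookup: " + uri.getSchemeSpecificPart());
        return s;
    }

    public static void main(String[] args) {
        // Constructed sample locations.
        String[] samples = { "file:/opt/app/conf/system.xconf", "resource://conf/roles.xml",
                             "http://config.example/roles.xml?user=alice", "conf/local.xconf" };
        for (String location : samples) {
            System.out.printf("%s%n  wildcard: %s%n  strict:   %s%n", location,
                    wildcardSetup().resolve(location), strictSetup().resolve(location));
        }
    }
}
```

Under the wildcard setup every non-`resource` location, including the `http:` one with a query string, reaches the URL-capable factory; under the strict setup the same location is rejected until the application registers a factory for that scheme itself.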

