Posted to dev@httpd.apache.org by Brian Havard <br...@kheldar.apana.org.au> on 1998/07/20 09:32:53 UTC

Plugging nice big security hole (OS/2)

My testing shows that OS/2 suffers the same problem as Win32 with trailing
dots on directory names and I'm trying to do something about it.

As it stands, you can bypass protection of a directory by adding a dot at the
end. I've written an ap_os_canonical_filename() that removes the trailing
dots (and does a few other things) and that seems to secure <Directory> type
access restrictions but <Location> types are still vulnerable. What can I do
to fix them?

--
 ______________________________________________________________________________
 |  Brian Havard                 |  "He is not the messiah!                   |
 |  brianh@kheldar.apana.org.au  |  He's a very naughty boy!" - Life of Brian |
 ------------------------------------------------------------------------------


Re: Plugging nice big security hole (OS/2)

Posted by Dean Gaudet <dg...@arctic.org>.
If people would just read the goddamn documentation they'd see that
<Location> protects URLs and shouldn't be used for filesystem protection
at all.

People using a <Location> that results in the default handler or any
"filesystem" handler deserve the trouble they get.

If that bothers you, or anyone else, then try to magically produce a
warning.  It's just how it is.  If you impose filesystem semantics on
<Location> then you've removed the ability to tie URLs to an arbitrary
database... something which we're already really shitty at doing, but
which is at least possible currently. 

Dean

On Mon, 20 Jul 1998, Marc Slemko wrote:

> On Mon, 20 Jul 1998, Brian Havard wrote:
> 
> > My testing shows that OS/2 suffers the same problem as Win32 with trailing
> > dots on directory names and I'm trying to do something about it.
> > 
> > As it stands, you can bypass protection of a directory by adding a dot at the
> > end. I've written an ap_os_canonical_filename() that removes the trailing
> > dots (and does a few other things) and that seems to secure <Directory> type
> > access restrictions but <Location> types are still vulnerable. What can I do
> > to fix them?
> 
> Talk to Dean and your problems will vanish.  He will simply define
> Location as something that isn't supposed to protect access to files, and
> you have no problems.  I don't fully disagree with him, but... 
> 
> AFAIK, this is how Win32 is being treated right now.
> 
> 


Re: Plugging nice big security hole (OS/2)

Posted by Marc Slemko <ma...@worldgate.com>.
On Mon, 20 Jul 1998, Brian Havard wrote:

> My testing shows that OS/2 suffers the same problem as Win32 with trailing
> dots on directory names and I'm trying to do something about it.
> 
> As it stands, you can bypass protection of a directory by adding a dot at the
> end. I've written an ap_os_canonical_filename() that removes the trailing
> dots (and does a few other things) and that seems to secure <Directory> type
> access restrictions but <Location> types are still vulnerable. What can I do
> to fix them?

Talk to Dean and your problems will vanish.  He will simply define
Location as something that isn't supposed to protect access to files, and
you have no problems.  I don't fully disagree with him, but... 

AFAIK, this is how Win32 is being treated right now.
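
The trailing-dot canonicalization described in the first message of this thread, sketched as an added example; it is not code from the thread or from Apache. The helper names, the sample paths and the "/www/private" directory are constructed, and the sketch assumes '/' separators and a filesystem that ignores trailing dots in names.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not Apache's ap_os_canonical_filename(): copy `in` to
 * `out`, removing trailing dots from each '/'-separated segment. Assumes the
 * filesystem ignores those dots, as the thread reports for OS/2 and Win32.
 * All-dot segments ("." and "..") are kept. Returns -1 if `out` is too small. */
int strip_trailing_dots(const char *in, char *out, size_t outlen)
{
    size_t o = 0;
    if (outlen == 0) return -1;
    while (*in) {
        size_t seg = strcspn(in, "/"), keep = seg;   /* segment length */
        while (keep > 0 && in[keep - 1] == '.') keep--;
        if (keep == 0) keep = seg;                   /* "." / "..": leave as written */
        if (o + keep + 2 > outlen) return -1;        /* room for '/' and NUL */
        memcpy(out + o, in, keep);
        o += keep;
        in += seg;
        if (*in == '/') { out[o++] = '/'; in++; }
    }
    out[o] = '\0';
    return 0;
}

/* Directory-style match: `path` is `dir` itself or lies beneath it. */
int under_dir(const char *path, const char *dir)
{
    size_t n = strlen(dir);
    return strncmp(path, dir, n) == 0 && (path[n] == '/' || path[n] == '\0');
}

/* 1 if the restriction on `dir` applies to `filename`, matching either the
 * name as received (canonicalize = 0) or its canonical form (canonicalize = 1). */
int covered(const char *filename, const char *dir, int canonicalize)
{
    char buf[256];
    if (canonicalize) {
        if (strip_trailing_dots(filename, buf, sizeof buf) != 0)
            return 1;          /* fail closed on names that do not fit */
        filename = buf;
    }
    return under_dir(filename, dir);
}

int main(void)
{
    /* Constructed sample names; "/www/private" is the restricted directory. */
    const char *names[] = { "/www/private/a.txt", "/www/private./a.txt", "/www/public/a.txt" };
    for (size_t i = 0; i < 3; i++)
        printf("%-22s raw=%d canonical=%d\n", names[i],
               covered(names[i], "/www/private", 0), covered(names[i], "/www/private", 1));
    return 0;
}
```

Matching on the name as received misses "/www/private./a.txt", while matching on the canonical form applies the restriction to it.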