This is a static archive of the previous Open Grid Forum GridForge content management system saved from host forge.ogf.org file /sf/sfmain/do/go/artf5479?selectedTab=comments at Sun, 06 Nov 2022 19:24:52 GMT SourceForge : artf5479: character restrictions in path elements

Project Home

Tracker

Documents

Tasks

Source Code

Discussions

File Releases

Wiki

Project Admin

JSDL calendar
Search Tracker
Project: JSDL-WG     Trackers > [CLOSED] JSDL v1.0 Errata > View Artifact
Artifact artf5479 : character restrictions in path elements
Tracker: [CLOSED] JSDL v1.0 Errata
Title: character restrictions in path elements
Description:
From Marvin Theimer, Microsoft:
The main thing I'm after is that the behavior of trying to step "outside" the mountpoint by cd'ing out the top must be 
either (a) prohibited or (b) explicitly marked as undefined in its behavior, with an error fault potentially being 
generated.  This is because in the Windows world I can imagine that a mountpoint definition might map to setting up a 
drive letter and you can't cd up out of a drive letter.

In fact, I'd be happy enough with the profile stating that paths in JSDL documents should not contain either the "." or 
the ".." elements at all. That's a fairly strong requirement and guarantees that the job won't fail on systems where 
your style of semantics are enforced.
Submitted By: Michel Drescher
Submitted On: 06/16/2006 3:01 AM EDT
Last Modified: 04/11/2007 10:29 AM EDT
Closed: 04/11/2007 10:29 AM EDT

Status / Comments Change Log Associations Attachments  
Status  
Group: *
Status:* Closed
Category: *
Customer: *
Priority: * 3
Assigned To: * Andreas Savva
Reported in Release: *
Fixed in Release: *
Estimated Hours: * 0
Actual Hours: * 0
Comments
Andreas Savva: 04/11/2007 10:29 AM EDT
  Comment:
Verified with minor changes in draft 6
  Action: Update
Closed set to 04/11/2007
Status changed from Fixed to Closed
Andreas Savva: 04/04/2007 6:00 AM EDT
  Comment:
Also added security considerations sub-sections in 
- 6.5.2 FileName 
- 8.1.3 Argument
- 8.1.4 Input
- 8.1.5 Output
- 8.1.6 Error
- 8.1.7 WorkingDirectory
- 8.1.8 Environment

with the following text

Implementations may limit the characters allowed in local paths to prohibit characters such as ‘.’, or ‘..’, etc, which may potentially affect the
 security of the local host.
  Action: Update
Status changed from Resolved to Fixed
Andreas Savva: 04/04/2007 5:53 AM EDT
  Comment:
Added a Security Considerations sub-section to Mountpoint with the following text. 

It must not be assumed that it is possible to step "outside" the mountpoint specified by this ele-ment by, for example, changing directory out the top
. Implementations may choose to prohibit it for security reasons, or it may simply not be possible. For example, on a Unix host it is not possi-ble to
 change directory up out of the root (‘/’), while on a Windows host it is not possible to change directory up out of a drive letter. Behavior is 
undefined.
Implementations may also limit the characters allowed in local paths to prohibit characters such as ‘.’, or ‘..’, etc, which may potentially 
affect the security of the local host.


  Action: Update
Andreas Savva: 01/24/2007 10:05 AM EST
  Action: Update
Assigned To changed from Darren Pulsipher to Andreas Savva
Andreas Savva: 12/18/2006 3:30 AM EST
  Comment:
Moved because it applies to 1.1
  Action: Update
Andreas Savva: 12/18/2006 3:29 AM EST
  Action: Move
Moved from [READ ONLY] JSDL Feature Requests to [CLOSED] JSDL v1.0 Errata
Andreas Savva: 09/13/2006 2:55 PM EDT
  Comment:
Add security considerations sub-section to each element and list things to be aware of.
  Action: Update
Assigned To set to Darren Pulsipher
Status changed from Open to Resolved
Michel Drescher: 06/16/2006 3:01 AM EDT
  Action: Create


 
 


The Open Grid Forum Contact Webmaster | Report a problem | GridForge Help
This is a static archive of the previous Open Grid Forum GridForge content management system saved from host forge.ogf.org file /sf/sfmain/do/go/artf5479?selectedTab=comments at Sun, 06 Nov 2022 19:24:52 GMT