SourceForge : artf5479: character restrictions in path elements

Project: JSDL-WG Trackers > [CLOSED] JSDL v1.0 Errata > View Artifact

Artifact artf5479 : character restrictions in path elements

Tracker:	[CLOSED] JSDL v1.0 Errata
Title:	character restrictions in path elements
Description:	From Marvin Theimer, Microsoft: The main thing I'm after is that the behavior of trying to step "outside" the mountpoint by cd'ing out the top must be either (a) prohibited or (b) explicitly marked as undefined in its behavior, with an error fault potentially being generated. This is because in the Windows world I can imagine that a mountpoint definition might map to setting up a drive letter and you can't cd up out of a drive letter. In fact, I'd be happy enough with the profile stating that paths in JSDL documents should not contain either the "." or the ".." elements at all. That's a fairly strong requirement and guarantees that the job won't fail on systems where your style of semantics are enforced.
Submitted By:	Michel Drescher
Submitted On:	06/16/2006 3:01 AM EDT
Last Modified:	04/11/2007 10:29 AM EDT
Closed:	04/11/2007 10:29 AM EDT

	Status / Comments		Change Log		Associations		Attachments

Status
Group: *
Status:*	Closed
Category: *
Customer: *
Priority: *	3
Assigned To: *	Andreas Savva
Reported in Release: *
Fixed in Release: *
Estimated Hours: *	0
Actual Hours: *	0

Comments

Andreas Savva: 04/11/2007 10:29 AM EDT
	Comment:	Verified with minor changes in draft 6
	Action:	Update Closed set to 04/11/2007 Status changed from Fixed to Closed

Andreas Savva: 04/04/2007 6:00 AM EDT

Comment:

Also added security considerations sub-sections in 
- 6.5.2 FileName 
- 8.1.3 Argument
- 8.1.4 Input
- 8.1.5 Output
- 8.1.6 Error
- 8.1.7 WorkingDirectory
- 8.1.8 Environment

with the following text

Implementations may limit the characters allowed in local paths to prohibit characters such as ‘.’, or ‘..’, etc, which may potentially affect the
 security of the local host.

Action:

Update
Status changed from Resolved to Fixed

Andreas Savva: 04/04/2007 5:53 AM EDT

Comment:

Added a Security Considerations sub-section to Mountpoint with the following text. 

It must not be assumed that it is possible to step "outside" the mountpoint specified by this ele-ment by, for example, changing directory out the top
. Implementations may choose to prohibit it for security reasons, or it may simply not be possible. For example, on a Unix host it is not possi-ble to
 change directory up out of the root (‘/’), while on a Windows host it is not possible to change directory up out of a drive letter. Behavior is 
undefined.
Implementations may also limit the characters allowed in local paths to prohibit characters such as ‘.’, or ‘..’, etc, which may potentially 
affect the security of the local host.

Action:

Update

Andreas Savva: 01/24/2007 10:05 AM EST
	Action:	Update Assigned To changed from Darren Pulsipher to Andreas Savva

Andreas Savva: 12/18/2006 3:30 AM EST
	Comment:	Moved because it applies to 1.1
	Action:	Update

Andreas Savva: 12/18/2006 3:29 AM EST
	Action:	Move Moved from [READ ONLY] JSDL Feature Requests to [CLOSED] JSDL v1.0 Errata

Andreas Savva: 09/13/2006 2:55 PM EDT
	Comment:	Add security considerations sub-section to each element and list things to be aware of.
	Action:	Update Assigned To set to Darren Pulsipher Status changed from Open to Resolved

Michel Drescher: 06/16/2006 3:01 AM EDT
	Action:	Create

Return