[Zope-dev] Re: Unsecure design of ExternalFile

Martijn Pieters mj@zope.com
Thu, 7 Nov 2002 17:22:28 -0500


On Thu, Nov 07, 2002 at 11:24:35AM -0500, Craeg K Strong wrote:
> What would you recommend?  Perhaps there should be
> a predefined list of "forbidden" directories for ExternalFiles?
> The problem is that-- in the development scenario-- the
> very things you mention below might be what you
> legitimately *want* to do as a developer.

'Jail' the base directory. Files can only be referenced within the jail.
Relative paths outside the jail are forbidden. This is what FTP and web
servers do, and so should ExternalFiles. A full path (starting with a '/')
then starts at the base directory.

The base directory should not be configurable through the web. Rather, use
an environment variable. Only one directory is needed, as files that need to
be accessible can be copied or symlinked.

-- 
Martijn Pieters
| Software Engineer  mailto:mj@zope.com
| Zope Corporation   http://www.zope.com/
| Creators of Zope   http://www.zope.org/
---------------------------------------------
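As an added illustration of the jail Martijn describes (this is example code written for this page, not code from the ExternalFile product or from the post), the function below maps a user-supplied path onto a base directory: a leading '/' is re-rooted at the base, '..' is resolved lexically and anything that would climb above the base is rejected, and symlinks are deliberately not followed so that an administrator can still expose outside files by symlinking them into the jail. The base directory is read from an environment variable; the variable name EXTERNALFILE_BASE is an assumption, the post does not name one.

```python
import posixpath

# Assumed name for the environment variable; the post only says "use an
# environment variable" and does not name one.
BASE_ENV_VAR = "EXTERNALFILE_BASE"


class PathOutsideJail(ValueError):
    """The requested path would refer to something outside the base directory."""


def base_from_env(environ):
    """Read the jail root from the process environment (never from the web)."""
    base = environ.get(BASE_ENV_VAR)
    if not base or not posixpath.isabs(base):
        raise RuntimeError("%s must be set to an absolute path" % BASE_ENV_VAR)
    return posixpath.normpath(base)


def jail_path(base, requested):
    """Map a user-supplied path onto the jail rooted at ``base``.

    * A request starting with '/' is re-rooted at ``base``, as the post says.
    * '.' and '..' are resolved lexically; anything that would climb above
      ``base`` raises PathOutsideJail.
    * Symlinks are not followed: the check is purely lexical, so an
      administrator can expose an outside file by symlinking it into the
      jail, which is exactly what the post suggests.
    """
    if not posixpath.isabs(base):
        raise ValueError("base must be an absolute path")
    base = posixpath.normpath(base)
    prefix = base if base.endswith("/") else base + "/"
    if "\0" in requested:
        # A NUL would truncate the path at the C level; never pass it on.
        raise PathOutsideJail(requested)
    # Treat backslashes as separators too, so "..\\.." cannot slip past on
    # platforms whose filesystem accepts them.
    rel = requested.replace("\\", "/").lstrip("/")
    # posixpath.normpath keeps leading '..' components: "a/../../b" -> "../b"
    norm = posixpath.normpath(rel) if rel else "."
    if norm == ".." or norm.startswith("../"):
        raise PathOutsideJail(requested)
    full = posixpath.normpath(posixpath.join(base, norm))
    # Belt and braces: the result must be the base itself or strictly beneath it.
    if full != base and not full.startswith(prefix):
        raise PathOutsideJail(requested)
    return full


def escapes(base, requested):
    """True if jail_path rejects ``requested`` (convenient for tests)."""
    try:
        jail_path(base, requested)
    except PathOutsideJail:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample requests, the kind a through-the-web user might send.
    for req in ["docs/readme.txt", "/etc/passwd", "docs/../../etc/passwd", "../x"]:
        try:
            print("%-25s -> %s" % (req, jail_path("/srv/jail", req)))
        except PathOutsideJail:
            print("%-25s -> REJECTED" % req)
```

The check is lexical on purpose: if you instead canonicalised with os.path.realpath and compared against the base, a symlink placed inside the jail by the administrator would be rejected as well, which defeats the "copy or symlink it in" workflow the post recommends. Choose one behaviour and document it; mixing the two is where these jails usually go wrong.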