- From: Marcos Caceres <marcosc@opera.com>
- Date: Tue, 17 Mar 2009 12:22:43 +0100
- To: Thomas Roessler <tlr@w3.org>
- Cc: Frederick Hirsch <Frederick.Hirsch@nokia.com>, "ext Priestley, Mark, VF-Group" <Mark.Priestley@vodafone.com>, WebApps WG <public-webapps@w3.org>
On Mon, Mar 16, 2009 at 12:17 PM, Thomas Roessler <tlr@w3.org> wrote:

> I'd suggest this instead:
>
>> Implementations should be careful about trusting path components found in
>> the zip archive: Such path components might be interpreted by operating
>> systems as pointing at security critical files outside the widget
>> environment proper, and naive unpacking of widget archives into the file
>> system might lead to undesirable and security relevant effects, e.g.,
>> overwriting of startup or system files.
>
> What do you think?

I support this change. Makes sense.

The other thing is to force implementations of the dig sig spec to verify that a path conforms to a zip-relative-path as defined in the packaging spec. And that we check that zip-relative-paths as defined in the P&C spec are as secure as possible.

-- 
Marcos Caceres
http://datadriven.com.au
Received on Tuesday, 17 March 2009 11:23:23 UTC
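As an added illustration of the two checks discussed in this message (not code from the thread, the P&C spec, or any widget implementation): a Python validator for zip entry names, followed by an unpack routine that refuses any entry whose resolved target would leave the unpack directory. The path grammar it enforces is an assumed, simplified stand-in for the P&C zip-relative-path production (ASCII-only, so stricter than the spec), and the sample archives are constructed by `build_archive`.

```python
import io
import os
import re
import tempfile
import zipfile

# Hypothetical, simplified stand-in for the P&C spec's zip-relative-path grammar
# (constructed for this example, not copied from the spec): "/"-separated,
# non-empty components, never "." or "..", drawn from a conservative charset.
_COMPONENT_RE = re.compile(r"^[A-Za-z0-9 $%'\-_@~()&+,=\[\].]+$")

def is_safe_zip_relative_path(name: str) -> bool:
    """True only for a relative, "/"-separated name no OS could read as escaping."""
    if (not name or name.startswith("/") or "\\" in name or "\x00" in name
            or re.match(r"^[A-Za-z]:", name)):      # absolute, backslash, drive letter
        return False
    parts = (name[:-1] if name.endswith("/") else name).split("/")  # "dir/" = directory
    return all(p not in ("", ".", "..") and _COMPONENT_RE.match(p) for p in parts)

def safe_unpack(archive: bytes, dest: str) -> list:
    """Unpack only entries passing the name check, then independently confirm the
    resolved target still lies under `dest`. Returns the file names written."""
    root = os.path.realpath(dest)
    written = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            if not is_safe_zip_relative_path(info.filename):
                raise ValueError(f"rejected entry name: {info.filename!r}")
            target = os.path.realpath(os.path.join(root, *info.filename.split("/")))
            if os.path.commonpath([root, target]) != root:
                raise ValueError(f"entry escapes unpack dir: {info.filename!r}")
            if info.filename.endswith("/"):
                os.makedirs(target, exist_ok=True)   # directory entry, nothing to write
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(info.filename)
    return written

def build_archive(entries: dict) -> bytes:  # constructed sample archive, not a real widget
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

def unpack_to_tempdir(archive: bytes) -> list:  # run safe_unpack into a throwaway directory
    with tempfile.TemporaryDirectory() as d:
        return safe_unpack(archive, d)
```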