
Re: [widgets] Comments on Widget Signature update (was RE: Widget Signature update)

From: Marcos Caceres <marcosc@opera.com>
Date: Tue, 17 Mar 2009 12:22:43 +0100
Message-ID: <b21a10670903170422k24201b0bi60aecd3a47714d17@mail.gmail.com>
To: Thomas Roessler <tlr@w3.org>
Cc: Frederick Hirsch <Frederick.Hirsch@nokia.com>, "ext Priestley, Mark, VF-Group" <Mark.Priestley@vodafone.com>, WebApps WG <public-webapps@w3.org>

On Mon, Mar 16, 2009 at 12:17 PM, Thomas Roessler <tlr@w3.org> wrote:
> I'd suggest this instead:
>
>> Implementations should be careful about trusting path components found in
>> the zip archive:  Such path components might be interpreted by operating
>> systems as pointing at security critical files outside the widget
>> environment proper, and naive unpacking of widget archives into the file
>> system might lead to undesirable and security relevant effects, e.g.,
>> overwriting of startup or system files.
>
> What do you think?

I support this change. Makes sense. The other thing is to force
implementations of the dig sig spec to verify that a path conforms to
a zip-relative-path as defined in the packaging spec. And that we
check that zip-relative-paths as defined in the P&C spec are as secure
as possible.



-- 
Marcos Caceres
http://datadriven.com.au
Received on Tuesday, 17 March 2009 11:23:23 GMT
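
The path check discussed in this message, as an added example that is not part of the original thread or of either spec: every entry name in a widget archive is checked before anything is unpacked. The rejection rules are conservative assumptions, not the zip-relative-path grammar from the packaging spec, and the function names and sample archive are constructed for illustration.

```python
import io
import zipfile


def unsafe_entry_reason(name):
    """Return why a zip entry name must not be unpacked, or None if acceptable.

    Assumed conservative rules for this example; they are not the
    zip-relative-path definition from the packaging spec.
    """
    if not name or "\x00" in name:
        return "empty name or NUL byte"
    if "\\" in name:
        return "backslash (a path separator on Windows)"
    if name.startswith("/"):
        return "absolute path"
    if len(name) > 1 and name[1] == ":":
        return "drive-letter prefix"
    if ".." in name.split("/"):
        return "parent-directory component"
    return None


def check_widget_archive(data):
    """Map every rejected entry name in a zip (given as bytes) to its reason."""
    rejected = {}
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            reason = unsafe_entry_reason(info.filename)
            if reason:
                rejected[info.filename] = reason
    return rejected


def build_sample():
    """Constructed sample archive: two ordinary entries, three unsafe ones."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name in ("config.xml", "images/icon.png",
                     "../../startup.sh", "/system/file", "a/../../b"):
            archive.writestr(name, b"x")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in check_widget_archive(build_sample()).items():
        print(f"reject {name!r}: {reason}")
```

Running the check over the whole archive before writing any entry lets a single bad name reject the package instead of leaving a partial unpack behind.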
