
Re: [widgets] Comments on Widget Signature update (was RE: Widget Signature update)

From: Frederick Hirsch <Frederick.Hirsch@nokia.com>
Date: Tue, 17 Mar 2009 08:01:47 -0400
Cc: Frederick Hirsch <Frederick.Hirsch@nokia.com>, Thomas Roessler <tlr@w3.org>, "ext Priestley, Mark, VF-Group" <Mark.Priestley@vodafone.com>, WebApps WG <public-webapps@w3.org>
Message-Id: <09DB1332-03C6-4ED0-AAC6-E831497BCFDF@nokia.com>
To: "marcosc@opera.com" <marcosc@opera.com>
The latest draft includes the revised text from Thomas.

Marcos, are you suggesting we add something more? It sounds like what you are saying here, is that it should be a valid widget file. Isn't that part of P&C checking? I'm not sure what it means to check that the paths are "as secure as possible."

regards, Frederick

Frederick Hirsch
Nokia

On Mar 17, 2009, at 7:22 AM, ext Marcos Caceres wrote:

> On Mon, Mar 16, 2009 at 12:17 PM, Thomas Roessler <tlr@w3.org> wrote:
>> I'd suggest this instead:
>>
>>> Implementations should be careful about trusting path components found in
>>> the zip archive: Such path components might be interpreted by operating
>>> systems as pointing at security critical files outside the widget
>>> environment proper, and naive unpacking of widget archives into the file
>>> system might lead to undesirable and security relevant effects, e.g.,
>>> overwriting of startup or system files.
>>
>> What do you think?
>
> I support this change. Makes sense. The other thing is to force
> implementations of the dig sig spec to verify that a path conforms to
> a zip-relative-path as defined in the packaging spec. And that we
> check that zip-relative-paths as defined in the P&C spec are secure as
> possible.
>
> -- 
> Marcos Caceres
> http://datadriven.com.au
Received on Tuesday, 17 March 2009 12:11:04 GMT
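The two checks discussed in this thread (rejecting path components that could escape the widget environment, and verifying that each entry name is a zip-relative-path before unpacking) as an added example; this is not code from the thread or from any widget implementation, and its notion of a zip-relative-path is an assumption that approximates, rather than reproduces, the P&C grammar:

```python
import io
import os
import tempfile
import zipfile


def is_safe_zip_relative_path(name: str) -> bool:
    # Approximation of a zip-relative-path (assumption, not the P&C grammar):
    # "/"-separated, no leading slash, no backslashes, drive letters or NUL,
    # and no empty, "." or ".." segments.
    if not name or "\x00" in name or "\\" in name or name.startswith("/"):
        return False
    if len(name) > 1 and name[1] == ":":  # e.g. "C:..." drive-letter paths
        return False
    return all(seg not in ("", ".", "..") for seg in name.split("/"))


def safe_extract(zip_bytes: bytes, dest_dir: str = None) -> dict:
    # Unpack only entries with a safe name whose resolved target is still
    # under dest_dir; everything else is reported, never written.
    root = os.path.realpath(dest_dir or tempfile.mkdtemp())
    result = {"extracted": [], "rejected": []}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            if info.is_dir():  # directories are created on demand below
                continue
            if not is_safe_zip_relative_path(name):
                result["rejected"].append(name)
                continue
            target = os.path.realpath(os.path.join(root, *name.split("/")))
            # Independent second check on the resolved filesystem path itself.
            if os.path.commonpath([root, target]) != root:
                result["rejected"].append(name)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            result["extracted"].append(name)
    return result


def build_sample_widget() -> bytes:
    # Constructed sample package: two legitimate entries, two hostile ones.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("config.xml", "<widget/>")
        zf.writestr("icons/icon.png", b"\x89PNG")
        zf.writestr("../outside.txt", "would land above the widget dir")
        zf.writestr("/etc/passwd", "absolute path")
    return buf.getvalue()
```

Calling `safe_extract(build_sample_widget())` unpacks the two legitimate entries into a fresh temporary directory and reports the two hostile names as rejected.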
