Re: Security considerations: p:exec et al.

Norm,

I think it is ok, although we may consider extending err:XD0021 to cope 
with execution stuff, not just resource access.

Furthermore, is it ok to add a paragraph about the inherent 
extensibility of standard steps (p:xslt and p:xquery)? Something along 
the lines of putting the responsibility on implementors that they should 
not overlook the implicit security considerations of these steps.

Cheers,
Rui

Norman Walsh wrote:
> Are you satisfied with the new Security Considerations section?
> 
> / Rui Lopes <rlopes@di.fc.ul.pt> was heard to say:
> | More dangerous than p:load, p:store or p:http-request, the p:exec is
> | prone to abuse, especially on importing externally-defined pipeline
> | libraries.
> |
> | We should say something about it either in Section 2.9 (Security
> | Considerations), or in the step declaration (7.2.1).
> |
> | p:xslt has the same problem, as some XSLT implementations (e.g.,
> | Saxon) afford embedding and executing arbitrary Java methods.
> |
> | p:xquery might be prone to the same issue.
> |
> | Cheers,
> | Rui
> |
> | -- 
> |
> | +---------------------------------------------------------------------------------------+
> | | Rui Lopes <rlopes@di.fc.ul.pt>                                    Work: +351217500532 |
> | | Researcher/PhD Student                                            Cell: +351967504370 |
> | | Faculty of Sciences, University of Lisbon; LaSIGE Research Lab    Fax:  +351217500533 |
> | | Portugal                                                                              |
> | +---------------------------------------------------------------------------------------+
> 
>                                         Be seeing you,
>                                           norm
> 

Received on Friday, 14 December 2007 11:38:41 UTC
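
The concern raised in this thread, as an added example that is not part of the original messages or of the XProc specification: a static audit that lists the security-relevant steps in a pipeline document before it is imported, and flags stylesheet namespaces that bind Java classes. The attribute names reported per step, the `java:` namespace convention and the sample pipeline are assumptions of this example.

```python
import io
import xml.etree.ElementTree as ET

XPROC_NS = "{http://www.w3.org/ns/xproc}"
# Steps the thread names as security-relevant, plus p:import (external libraries).
# Value = attribute worth reporting (attribute names are assumptions of this example).
REVIEW_STEPS = {"exec": "command", "xslt": "name", "xquery": "name",
                "load": "href", "store": "href", "http-request": "name",
                "import": "href"}
# Assumption: Saxon-style Java bindings use namespace URIs that start with "java:".
JAVA_NS = "java:"

def audit_pipeline(xml_bytes):
    """Return (kind, detail) findings for one pipeline document, in document order."""
    findings = []
    # start-ns events expose namespace declarations, which ElementTree otherwise discards.
    for event, item in ET.iterparse(io.BytesIO(xml_bytes), events=("start", "start-ns")):
        if event == "start-ns":
            _prefix, uri = item
            if uri.startswith(JAVA_NS):
                findings.append(("java-extension-namespace", uri))
        elif item.tag.startswith(XPROC_NS):
            local = item.tag[len(XPROC_NS):]
            if local in REVIEW_STEPS:
                findings.append(("step:" + local, item.get(REVIEW_STEPS[local], "")))
    return findings

# Constructed sample pipeline (not from the thread).
SAMPLE = b"""<p:pipeline xmlns:p="http://www.w3.org/ns/xproc">
  <p:import href="http://example.org/lib.xpl"/>
  <p:exec name="run" command="/usr/bin/tidy"/>
  <p:xslt name="style">
    <p:input port="stylesheet">
      <p:inline>
        <xsl:stylesheet version="2.0"
            xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
            xmlns:m="java:java.lang.Math">
          <xsl:template match="/"><out/></xsl:template>
        </xsl:stylesheet>
      </p:inline>
    </p:input>
  </p:xslt>
</p:pipeline>"""

if __name__ == "__main__":
    for kind, detail in audit_pipeline(SAMPLE):
        print(kind, detail)
```

The audit only sees stylesheets that are inline in the pipeline; every library reported under `step:import` and any externally loaded stylesheet needs the same check.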