
Re: last calling WebDAV mounting spec, was I-D ACTION:draft-reschke-webdav-mount-01.txt

From: Jim Whitehead <ejw@soe.ucsc.edu>
Date: Mon, 26 Sep 2005 12:50:15 -0700
Message-Id: <E8EA8F4D-B1B1-4FE4-A881-057CFD6D25C1@cs.ucsc.edu>
To: WebDav <w3c-dist-auth@w3.org>
> Funny enough, supporting the Webfolder client actually was an  
> afterthought, and both other current client implementations fall  
> into the filesystem category.
>
> And, as a matter of fact, both implementors asked for the ability  
> to also <open> files, so that they can be directly edited.
>
> The problem here is a security risk, mentioned in
> <http://greenbytes.de/tech/webdav/draft-reschke-webdav-mount-latest.html#security.considerations>:
> if a client just maps the  
> WebDAV server to a filesystem, and translates <open> requests into  
> whatever the system's shell does on double-click, this introduces a  
> huge security hole: a malevolent could simply send a <open> request  
> for an executable file, and the client would then potentially open  
> (= execute) it without any additional confirmation by the user.
>
> I'm not saying that this issue can't be dealt with, but at this  
> stage I preferred to err on the side of security. If people feel  
> the spec should allow <open> on non-collection, please try to come  
> up with a spec text that can address this concern.

I dunno -- it doesn't seem reasonable that the default mapping of GET  
to an executable resource would be to execute a binary. For example,  
this isn't the case with Apache.

- Jim
Received on Monday, 26 September 2005 19:50:30 GMT
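
One way a client could handle the `<open>` hint discussed in the quoted text, shown as an added example (not code from this thread, the draft, or any client mentioned in it). The function name, the policy constants and the `is_collection` callback (standing in for a server-side resource type check) are assumptions made for illustration; the URLs are constructed sample values.

```python
from urllib.parse import urljoin, urlsplit, unquote

# Hypothetical policy outcomes for an <open> hint.
BROWSE = "browse"    # display the collection in the file browser
CONFIRM = "confirm"  # non-collection: ask the user, never hand to the shell
REFUSE = "refuse"    # hint points outside the mount: ignore it


def decide_open(mount_url, open_ref, is_collection):
    """Decide what to do with an <open> value relative to mount_url.

    is_collection(url) -> bool is supplied by the caller and is assumed
    to ask the server whether the resource is a collection.
    """
    base = mount_url if mount_url.endswith("/") else mount_url + "/"
    b, ref = urlsplit(base), urlsplit(open_ref)

    # Absolute URLs, network-path references and absolute paths can all
    # leave the mounted tree, so they are never followed.
    if ref.scheme or ref.netloc or open_ref.startswith("/"):
        return REFUSE, None
    # Reject dot-dot segments, including percent-encoded ones.
    if ".." in unquote(ref.path).split("/"):
        return REFUSE, None

    target = urljoin(base, open_ref)
    t = urlsplit(target)
    if (t.scheme, t.netloc) != (b.scheme, b.netloc) or not t.path.startswith(b.path):
        return REFUSE, None

    # Only a confirmed collection is opened automatically. Anything else
    # is a file and must not be mapped to the shell's double-click action.
    if t.path.endswith("/") and is_collection(target):
        return BROWSE, target
    return CONFIRM, target


# Constructed sample data: collections the (simulated) server reports.
KNOWN_COLLECTIONS = {"http://dav.example/docs/reports/"}


def sample_is_collection(url):
    return url in KNOWN_COLLECTIONS
```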
