- From: Conal Tuohy <conal.tuohy@gmail.com>
- Date: Wed, 3 Jun 2015 16:06:54 +1000
- To: "Imsieke, Gerrit, le-tex" <gerrit.imsieke@le-tex.de>
- Cc: XProc Dev <xproc-dev@w3.org>
- Message-ID: <CAErBQuRdugmvt-3mH5ngXbsvEME1_s9irWwzsvo2acjpxwQpTg@mail.gmail.com>
The risk that I see is from allowing the XSLT to read arbitrary files from
the file system - though subject to file system security, of course.
e.g.
<xsl:stylesheet version="2.0" xmlns:xsl="
http://www.w3.org/1999/XSL/Transform">
<xsl:template match="/">
<xsl:copy-of
select="document('file:///var/lib/tomcat7/conf/tomcat-users.xml')"/>
</xsl:template>
</xsl:stylesheet>
On 3 June 2015 at 15:41, Imsieke, Gerrit, le-tex <gerrit.imsieke@le-tex.de>
wrote:
> Conal,
>
> Just want to throw in my two cents. I think p:xslt in itself is
> harmless, particularly if you didn’t install any extension functions
> with direct OS access. Even if the stylesheet uses xsl:result-document,
> it won’t write stuff to disk by itself. These documents appear on the
> secondary port and are typically handled by p:store if they need to be
> stored to disk. So if your users are only able to upload their own XSLT
> and if you don’t use their outputs as inputs for p:store or for the
> options of EXProc file system steps such as p:delete, then you should be
> safe. Apart from bad code that might cause stack overflows or excessive
> computing times. Or am I missing something?
>
>
> --
> Gerrit Imsieke
> Geschäftsführer / Managing Director
> le-tex publishing services GmbH
> Weissenfelser Str. 84, 04229 Leipzig, Germany
> Phone +49 341 355356 110, Fax +49 341 355356 510
> gerrit.imsieke@le-tex.de, http://www.le-tex.de
>
> Registergericht / Commercial Register: Amtsgericht Leipzig
> Registernummer / Registration Number: HRB 24930
>
> Geschäftsführer: Gerrit Imsieke, Svea Jelonek,
> Thomas Schmidt, Dr. Reinhard Vöckler
>
>
Received on Wednesday, 3 June 2015 06:07:44 UTC