Re: draft response to Elliotte Harold "Security: read vs. write "

On Fri, 2007-03-09 at 10:29 +0000, Jeremy Carroll wrote:
> Draft response:
> ===========
> Thank you for your comment.
> The particular operation we had in mind was from XSLT2: xsl:result-document.
> Perhaps we should make this more explicit.
> The rewrite of this section was motivated by implementer feedback.
> Particularly concerning test security3 in
> which, with a little imagination, could be modified so that malicious 
> code took control of an overly trusting machine (by writing 
> appropriately to a key OS file).
> Please reply indicating whether this adequately addresses your comment.
> ============

That works for me. I see in off-list
mail (of 10 Mar 2007 19:43:34 -0500) that Harry concurs.
Please do send it; i.e. find out if we can satisfy him without
making any spec changes.

This doesn't preclude us from making clarifying changes, if
WG participants prefer.

> Process-wise: I am assuming that in this Last Call phase responses to 
> comments should only be sent by the editor or the chairs, or on their 
> instruction.


> We could consider the following actions in response:
> a) migrate some of the Jena security tests into the WG test area
>      - since many use XSLT2 and/or saxon specific features this
>        would be more illustrative of the concerns than directly
>        useful as tests
> b) make it more explicit which of the operations mentioned in
>     section 8 are from XSLT1 and which from XSLT2
> c) add explicit mention of xsl:result-document
> If we do wish to do any of these, the text above would need modification.
> e.g. replace last line with:
> [[
> We are still considering what changes, if any, we need to make to
> clarify this point, and we will reply again when we have decided.
> ]]
> Jeremy

Dan Connolly, W3C
D3C2 887B 0F92 6005 C541  0875 0F91 96DE 6E52 C29E

Received on Wednesday, 14 March 2007 13:41:29 UTC
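The concern in the thread is that a GRDDL transformation written in XSLT 2.0 can do more than read its input: xsl:result-document writes a secondary output document wherever its href points, so a trusting agent that runs an untrusted stylesheet could be made to write an OS file. As an added example (not code from the thread, the GRDDL spec, Jena or Saxon), the following Python pre-screen parses a stylesheet before it is handed to an XSLT engine and reports operations that reach outside the input document, labelled read or write and XSLT 1.0 or 2.0. Only xsl:result-document is named on the page; the remaining table entries, the read/write policy and the three sample stylesheets are assumptions of this example.

```python
"""Static pre-screen of an XSLT stylesheet before a GRDDL agent runs it.

Added example, not part of the GRDDL thread or spec.  Assumptions (mine):
the operation tables, the read/write policy and the sample stylesheets.
A conservative screen like this is a cheap first line of defence; the real
control is an engine configured to refuse secondary outputs and external reads.
"""
import xml.etree.ElementTree as ET

XSL_NS = "http://www.w3.org/1999/XSL/Transform"

# Element-level operations.  xsl:result-document is the one the thread names
# (XSLT 2.0, writes a secondary output to its href).  Table is an assumption.
ELEMENT_OPS = {
    "result-document": ("write", "XSLT 2.0"),
}

# Function calls that read outside the input document (assumed list).
FUNCTION_OPS = {
    "document(": ("read", "XSLT 1.0"),
    "doc(": ("read", "XSLT 2.0"),
    "unparsed-text(": ("read", "XSLT 2.0"),
    "collection(": ("read", "XSLT 2.0"),
}


def scan_stylesheet(xslt_source: str):
    """Return (operation, access, version, detail) tuples for every hit."""
    root = ET.fromstring(xslt_source)
    findings = []
    for elem in root.iter():
        if elem.tag.startswith("{" + XSL_NS + "}"):
            local = elem.tag.split("}", 1)[1]
            if local in ELEMENT_OPS:
                access, version = ELEMENT_OPS[local]
                findings.append(("xsl:" + local, access, version, elem.get("href", "")))
        # XPath can appear in select/test/match and in attribute value templates
        # on literal result elements, so every attribute value is checked.
        # A literal string containing "document(" is a false positive; for a
        # pre-screen that errs on the side of refusing, that is acceptable.
        for attr, value in elem.attrib.items():
            for call, (access, version) in FUNCTION_OPS.items():
                if call in value:
                    findings.append((call.rstrip("("), access, version, f"{attr}={value!r}"))
    return findings


def is_safe_to_run(findings, allow_reads=False):
    """Policy (assumed): never run a transform that writes; reads only on opt-in."""
    for _, access, _, _ in findings:
        if access == "write":
            return False
        if access == "read" and not allow_reads:
            return False
    return True


# Constructed sample stylesheets.
BENIGN_TRANSFORM = """<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
    xmlns:dc="http://purl.org/dc/elements/1.1/">
  <xsl:template match="/">
    <rdf:RDF>
      <rdf:Description rdf:about="{/*/@id}">
        <dc:title><xsl:value-of select="/*/title"/></dc:title>
      </rdf:Description>
    </rdf:RDF>
  </xsl:template>
</xsl:stylesheet>"""

# Writes a secondary output: the XSLT 2.0 case the thread worries about.
WRITING_TRANSFORM = """<xsl:stylesheet version="2.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:template match="/">
    <xsl:result-document href="file:///some/os/file" method="text">
      <xsl:value-of select="'payload'"/>
    </xsl:result-document>
  </xsl:template>
</xsl:stylesheet>"""

# Reads another document: available in XSLT 1.0, so the read side of the question.
READING_TRANSFORM = """<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:template match="/">
    <xsl:copy-of select="document('http://example.org/extra.xml')"/>
  </xsl:template>
</xsl:stylesheet>"""


if __name__ == "__main__":
    for name, src in [("benign", BENIGN_TRANSFORM),
                      ("writing", WRITING_TRANSFORM),
                      ("reading", READING_TRANSFORM)]:
        hits = scan_stylesheet(src)
        print(name, "safe" if is_safe_to_run(hits) else "REFUSED", hits)
```

The read/write split is the point: a stylesheet that only calls document() can at most exfiltrate or fetch data the agent can already see, whereas one result-document element is enough to modify the host, so the policy refuses writes unconditionally and makes reads an explicit opt-in.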