- From: Frederick Hirsch <Frederick.Hirsch@nokia.com>
- Date: Tue, 17 Mar 2009 08:01:47 -0400
- To: "marcosc@opera.com" <marcosc@opera.com>
- Cc: Frederick Hirsch <Frederick.Hirsch@nokia.com>, Thomas Roessler <tlr@w3.org>, "ext Priestley, Mark, VF-Group" <Mark.Priestley@vodafone.com>, WebApps WG <public-webapps@w3.org>
The latest draft includes the revised text from Thomas. Marcos, are you suggesting we add something more? It sounds like what you are saying here is that it should be a valid widget file. Isn't that part of P&C checking? I'm not sure what it means to check that the paths are "as secure as possible."

regards, Frederick

Frederick Hirsch
Nokia

On Mar 17, 2009, at 7:22 AM, ext Marcos Caceres wrote:

> On Mon, Mar 16, 2009 at 12:17 PM, Thomas Roessler <tlr@w3.org> wrote:
>> I'd suggest this instead:
>>
>>> Implementations should be careful about trusting path components found in
>>> the zip archive: Such path components might be interpreted by operating
>>> systems as pointing at security critical files outside the widget
>>> environment proper, and naive unpacking of widget archives into the file
>>> system might lead to undesirable and security relevant effects, e.g.,
>>> overwriting of startup or system files.
>>
>> What do you think?
>
> I support this change. Makes sense. The other thing is to force
> implementations of the dig sig spec to verify that a path conforms to
> a zip-relative-path as defined in the packaging spec. And that we
> check that zip-relative-paths as defined in the P&C spec are as secure as
> possible.
>
> --
> Marcos Caceres
> http://datadriven.com.au
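The path screening that Thomas's text and Marcos's follow-up describe, as an added example that is not part of this thread or of any W3C spec: the zip-relative-path rule below is an assumed conservative approximation of the P&C grammar, and the sample archive is constructed for the demonstration.

```python
import io
import os
import posixpath
import zipfile


def is_safe_zip_relative_path(name):
    """True if name is a forward-slash relative path with no absolute prefix,
    drive letter, backslash, NUL byte, or empty/'.'/'..' components.
    (A conservative approximation, not the P&C spec's exact grammar.)"""
    if not name or "\\" in name or "\x00" in name:
        return False
    if name.startswith("/") or (len(name) > 1 and name[1] == ":"):
        return False
    parts = name.rstrip("/").split("/")  # a trailing slash marks a directory entry
    return all(part not in ("", ".", "..") for part in parts)


def screen_entries(archive, root="/widget"):
    """Split entry names into (accepted, rejected) without touching the disk."""
    accepted, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for name in zf.namelist():
            # Syntactic check plus a normalised join that must stay under root.
            resolved = posixpath.normpath(posixpath.join(root, name))
            if is_safe_zip_relative_path(name) and resolved.startswith(root + "/"):
                accepted.append(name)
            else:
                rejected.append(name)
    return accepted, rejected


def safe_extract(archive, dest):
    """Extract only accepted entries under dest; return the rejected names."""
    root = os.path.realpath(dest)
    accepted, rejected = screen_entries(archive, root)
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for name in accepted:
            # realpath also catches escapes through symlinked directories.
            target = os.path.realpath(os.path.join(root, *name.split("/")))
            if os.path.commonpath([root, target]) != root:
                rejected.append(name)
                continue
            zf.extract(name, root)
    return rejected


def build_sample_widget():
    """Constructed archive: benign entries plus the hostile name kinds above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("config.xml", "<widget/>")
        zf.writestr("icons/icon.png", "png-bytes")
        zf.writestr("../../outside.txt", "hostile")
        zf.writestr("/etc/startup.cfg", "hostile")
        zf.writestr("C:\\system.ini", "hostile")
    return buf.getvalue()
```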
Received on Tuesday, 17 March 2009 12:11:04 UTC