Security considerations: p:exec et al. from Rui Lopes on 2007-11-30 (public-xml-processing-model-wg@w3.org from November 2007)

From: Rui Lopes <rlopes@di.fc.ul.pt>
Date: Fri, 30 Nov 2007 15:56:27 +0000
To: XMLProc List <public-xml-processing-model-wg@w3.org>
Message-ID: <475032AB.3040307@di.fc.ul.pt>

More dangerous than p:load, p:store or p:http-request, the p:exec is 
prone to abuse, especially on importing externally-defined pipeline 
libraries.

We should say something about it either in Section 2.9 (Security 
Considerations), or in the step declaration (7.2.1).

p:xslt has the same problem, as some XSLT implementations (e.g., Saxon) 
afford embedding and executing arbitrary Java methods.

p:xquery might be prone to the same issue.


Cheers,
Rui

Received on Friday, 30 November 2007 15:56:43 UTC