The latest draft includes the revised text from Thomas.
Marcos, are you suggesting we add something more? It sounds like what
you are saying here is that it should be a valid widget file. Isn't
that part of P&C checking? I'm not sure what it means to check that
the paths are "as secure as possible."
regards, Frederick
Frederick Hirsch
Nokia
On Mar 17, 2009, at 7:22 AM, ext Marcos Caceres wrote:
On Mon, Mar 16, 2009 at 12:17 PM, Thomas Roessler <t...@w3.org> wrote:
I'd suggest this instead:
Implementations should be careful about trusting path components
found in the zip archive: Such path components might be interpreted
by operating systems as pointing at security critical files outside
the widget environment proper, and naive unpacking of widget archives
into the file system might lead to undesirable and security relevant
effects, e.g., overwriting of startup or system files.
What do you think?
I support this change. Makes sense. The other thing is to force
implementations of the dig sig spec to verify that a path conforms to
a zip-relative-path as defined in the packaging spec. And that we
check that zip-relative-paths as defined in the P&C spec are as secure
as possible.
--
Marcos Caceres
http://datadriven.com.au
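The unpacking hazard Thomas describes, as an added example (not code from this thread, the P&C spec, or any widget runtime): each entry name is checked against an assumed set of zip-relative-path rules (forward slashes only, no absolute or drive-prefixed paths, no "." or ".." segments) and the resolved target is confirmed to lie inside the widget directory before anything is written. The sample archive is constructed inline.

```python
import io
import os
import tempfile
import zipfile

# Constructed sample archive (not from the thread): one benign entry and three
# entries whose paths would escape the widget directory if unpacked naively.
def build_sample_archive() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("config.xml", "<widget/>")
        zf.writestr("../../etc/rc.local", "x")        # parent-directory traversal
        zf.writestr("/etc/passwd", "x")                # absolute path
        zf.writestr("icons/..\\..\\boot.ini", "x")    # backslash traversal (Windows)
    return buf.getvalue()

def is_safe_zip_relative_path(name: str) -> bool:
    """Assumed zip-relative-path rules: relative, '/'-separated, no backslash,
    no drive prefix, no NUL, and no empty, '.' or '..' components."""
    if not name or name.startswith("/") or "\\" in name or "\x00" in name:
        return False
    if len(name) > 1 and name[1] == ":":   # e.g. "C:boot.ini"
        return False
    return all(part not in ("", ".", "..") for part in name.split("/"))

def safe_extract(archive: bytes, dest: str) -> dict:
    """Unpack only entries that pass the path check AND whose resolved target
    stays under `dest`; everything else is reported, not written."""
    dest_real = os.path.realpath(dest)
    result = {"extracted": [], "rejected": []}
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            name = info.filename
            target = os.path.realpath(os.path.join(dest_real, *name.split("/")))
            inside = os.path.commonpath([dest_real, target]) == dest_real
            if not is_safe_zip_relative_path(name) or not inside:
                result["rejected"].append(name)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as out:
                out.write(src.read())
            result["extracted"].append(name)
    return result

def demo() -> dict:
    """Run the guarded unpack of the sample archive in a throwaway directory."""
    with tempfile.TemporaryDirectory() as tmp:
        return safe_extract(build_sample_archive(), tmp)
```

The containment check is kept even though the name check already rejects the three bad entries; on a system where symlinks or case folding change how a path resolves, it is the second line of defence.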