Date: Wed, 17 Oct 2012 13:39:18 -0400 From: Eitan Adler <lists@...anadler.com> To: oss-security@...ts.openwall.com Subject: Re: CVE request: ruby file creation due in insertion of illegal NUL character On 17 October 2012 13:31, Simon McVittie <smcv@...ian.org> wrote: > As you imply, that pseudocode is a bad idea anyway: the webapp should > be ensuring that the filenames match a pattern more like > /^[A-Za-z0-9_]\.jpg$/ (or not allowing user-controlled filenames at > all), and/or the web server should be configured so it never trusts > files in the uploads directory (either as executable code or something > like .htaccess). > Anything vulnerable to this sort of trickery is probably vulnerable to > file-overwriting attacks via "../" path segments, too. What if they ensure this sort of safety via some other mechanism? (chroot for example) What if they take the file name to be "anything after the final /" ? I could see some instances, albeit contrived, where an application might be vulnerable to this sort of attack, but not vulnerable to generic path traversal. -- Eitan Adler
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.