
How to perform a security check on a given path (from a web server) to serve files

I need to write a small file serving component for a web server. There are lots of issues with serving files, because "as-is" serving is a big security hole, like this:

www.somesite.com/../../../../etc/passwd

There are many issues, including ".." resolving and many others; for example, under Windows there are many "unusual ways to refer to some path". Also there are some issues with symbolic links... They may lead us away from the document root.

Is there any good article or material about serving files and performing security checks on them?

Thanks.

P.S.: I need a solution mostly for POSIX systems, but I need a solution for Win32 as well.

P.P.S:

  • Is a check for ".." and symbolic links sufficient for POSIX systems? (As far as I know it is not for Windows.)
  • As far as I remember, Windows provides some kind of API for these purposes; can somebody point to it?

Why do I need this:

CppCMS has a simple internal web server for debugging purposes (I had written one). I am trying to figure out how hard it would be to make this server fully usable for the real world (i.e. listen on port 80 directly rather than run behind a web server and a FastCGI or SCGI connector).

This is the file serving application that I use at this point. It does very primitive checks. I mostly want to make it safe.

My Answer:

There is an answer https://www.securecoding.cert.org/confluence/display/seccode/FIO02-C.+Canonicalize+path+names+originating+from+untrusted+sources

Seems to be good enough...

In short: use realpath under UNIX and GetFullPathName under Windows.

Final note: if somebody suggests more detailed functionality I will accept it (especially for Win32, where path tests are a pain-in-...).
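
The POSIX half of the approach above (canonicalize with realpath, then check the result against the document root), written out as an added example; this is not code from the question's CppCMS server or from the CERT page. It assumes a POSIX system with realpath(3), mkdtemp(3) and symlink(2) available, and builds its own throwaway document root under /tmp (constructed test data) containing a legitimate file, a ".." escape, a symlink that points outside the root and a directory. The Windows side (GetFullPathName / PathCanonicalize) is not shown.

```c
#define _GNU_SOURCE
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* Canonicalize the untrusted request path against the document root and
 * accept it only if the resolved regular file lies inside the resolved root.
 * Returns 1 and fills `out` (PATH_MAX bytes) when the file may be served,
 * 0 otherwise. realpath(3) follows symlinks and collapses "." and "..", so
 * the comparison is made on the real filesystem location, not on the text
 * the client sent. */
int resolve_under_docroot(const char *docroot, const char *requested, char *out)
{
    char root_real[PATH_MAX], joined[PATH_MAX], file_real[PATH_MAX];
    struct stat st;

    if (realpath(docroot, root_real) == NULL)
        return 0;

    /* Drop leading slashes so "//etc/passwd" cannot replace the root. */
    while (*requested == '/')
        requested++;
    if (snprintf(joined, sizeof joined, "%s/%s", root_real, requested)
            >= (int)sizeof joined)
        return 0;

    /* realpath fails for non-existent components; that is a plain 404. */
    if (realpath(joined, file_real) == NULL)
        return 0;

    /* Prefix match on a component boundary: root "/srv/www" must not
     * accept "/srv/www-private/x". A root of "/" is always a prefix. */
    size_t n = strlen(root_real);
    if (strncmp(file_real, root_real, n) != 0)
        return 0;
    if (n > 1 && file_real[n] != '/' && file_real[n] != '\0')
        return 0;

    /* Serve regular files only: no directories, devices or sockets. */
    if (stat(file_real, &st) != 0 || !S_ISREG(st.st_mode))
        return 0;

    strcpy(out, file_real);
    return 1;
}

static void touch(const char *path)
{
    FILE *f = fopen(path, "w");
    if (f) { fputs("x\n", f); fclose(f); }
}

/* Build a throwaway tree under /tmp (constructed test data, not site content):
 *   <tmp>/outside.txt                  file outside the root
 *   <tmp>/www/index.html               legitimate content
 *   <tmp>/www/leak -> ../outside.txt   symlink pointing out of the root
 * Each request sets one bit if it is ACCEPTED, so the returned value shows
 * the policy at a glance. Expected: only bits 1 and 8 set, i.e. 9. */
int demo_checks(void)
{
    char base[] = "/tmp/srvXXXXXX";
    char www[PATH_MAX], outside[PATH_MAX], idx[PATH_MAX], leak[PATH_MAX], out[PATH_MAX];
    if (mkdtemp(base) == NULL)
        return -1;
    snprintf(www, sizeof www, "%s/www", base);
    snprintf(outside, sizeof outside, "%s/outside.txt", base);
    snprintf(idx, sizeof idx, "%s/index.html", www);
    snprintf(leak, sizeof leak, "%s/leak", www);
    if (mkdir(www, 0700) != 0)
        return -1;
    touch(outside);
    touch(idx);
    if (symlink("../outside.txt", leak) != 0)
        return -1;

    int accepted = 0;
    if (resolve_under_docroot(www, "/index.html", out))     accepted |= 1;  /* plain file: allow */
    if (resolve_under_docroot(www, "/../outside.txt", out)) accepted |= 2;  /* dot-dot escape: reject */
    if (resolve_under_docroot(www, "/leak", out))           accepted |= 4;  /* symlink escape: reject */
    if (resolve_under_docroot(www, "/./index.html", out))   accepted |= 8;  /* harmless ".": allow */
    if (resolve_under_docroot(www, "/", out))               accepted |= 16; /* directory: reject */

    unlink(leak); unlink(idx); unlink(outside); rmdir(www); rmdir(base);
    return accepted;
}

int main(void)
{
    printf("accepted mask = %d (expected 9)\n", demo_checks());
    return 0;
}
```

Two points worth keeping in mind when reusing this: the boundary check after the prefix comparison is what stops a sibling directory whose name merely starts with the root's name from passing, and the check-then-open sequence still leaves a small window in which a symlink could be swapped; a server that cares about that opens the file first and runs fstat() on the descriptor it actually got.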


As for the Windows API offerings, there is a collection of Shell functions that begin with Path and Url that can help normalize directories, paths, and file names. For example, PathCanonicalize will help you get an arbitrary path into a standard form. From there you can do further analysis.

In general, work with a specific list of things to allow, rather than a list of things to disallow. Bad guys will always think of new things that you didn't anticipate.


It seems like you are dealing with Path Traversal - http://www.owasp.org/index.php/Path_Traversal.
That link mainly deals with web applications, but I think that some of the information there will be helpful. I think the best practice on a POSIX system is to chroot and not allow access to a path outside of the root of the application.
