Directory names from untrusted data


I'm in the middle of writing a small app for Linux that needs to create
directories that take their names from untrusted data. If possible, I'd
like to preserve special characters rather than switching them with dummy
characters. For instance, using bash, I'd just escape characters with
backslashes when I want to create a directory name with, say, a slash in.

I've been through the manual, Google and Usenet, and I've done a bit of
experimenting, but I can't seem to find a way of doing this in python. The
only thing I can think of is to spawn a bash shell to do it, which I'd
rather not have to do. Does anybody have a better way of doing this?
Also, are there any other things I should watch out for (e.g. excessively
long names)?

Ta,

--
Jim Dabell

Jul 18 '05 #1
On Sat, 13 Sep 2003 16:08:52 +0100,
Jim Dabell <ji********@jimdabell.com> wrote:
> I'm in the middle of writing a small app for Linux that needs to create
> directories that take their names from untrusted data. If possible, I'd
> like to preserve special characters rather than switching them with dummy
I was once told about a security seminar where the speaker explained there
are two approaches to rules, the American "Everything not forbidden is
permitted" and the Prussian "Everything not explicitly allowed is
forbidden." For security, you really want to go with the Prussian approach
of picking a set of legal characters and discarding anything not in the set,
rather than the American approach of "; and / are forbidden; everything else
is permitted." You might someday find a security hole stemming from allowing
the $ character, at the cost of a break-in; another day you might find
another hole by getting broken into again. It's better to start with a safe
set, and increase the set very cautiously as necessary.

A sneaky approach might be to hex-encode everything; the input filename
'foo' becomes the on-disk filename '666f6f'. Unreadable, but attackers have
no way to create special characters.
> characters. For instance, using bash, I'd just escape characters with
> backslashes when I want to create a directory name with, say, a slash in.
I don't believe you can do this on Unix systems; the kernel always assumes
that slashes indicate multiple directory levels, so foo\/bar would be a
directory named 'foo\' containing a file named 'bar'.
> Also, are there any other things I should watch out for (e.g. excessively
> long names)?


'..' in paths; someone could provide a filename of ../../<a bunch more
...'s>/etc/passwd. If you just open the path and write to it (and happen to
be running as root), bang, you've just blown away your /etc/passwd. Long
names will fail after a certain point -- most filesystems seem to have a
256-byte limit -- but that doesn't seem to present a security risk.

--amk
Jul 18 '05 #2
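Putting amk's advice into working code. This is an added example, not code from the thread: an allowlist check in the "Prussian" style that rejects rather than substitutes, the hex-encoding alternative together with its decoder, and a containment check that catches '..', embedded slashes and a planted symlink after the name has been chosen. The 255-byte limit is NAME_MAX on Linux; the allowed character set, the exception type and the function names are choices made here, not the poster's.

```python
import os

# Added example, not code from the thread. NAME_MAX on Linux filesystems is 255 bytes;
# the kernel rejects longer path components with ENAMETOOLONG.
MAX_NAME_BYTES = 255

# The "Prussian" set: everything not listed here is rejected. Widen it deliberately,
# one character at a time, rather than trying to enumerate the dangerous ones.
ALLOWED = frozenset(
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_."
)


class UnsafeName(ValueError):
    """Raised when an untrusted string cannot be used as a directory name."""


def allowlist_name(untrusted: str) -> str:
    """Return the string unchanged only if every character is in ALLOWED and it is a
    single, non-reserved, length-bounded path component. Anything else is an error,
    not a silent substitution, so the caller learns that the input was hostile."""
    if not untrusted:
        raise UnsafeName("empty name")
    if len(untrusted.encode("utf-8")) > MAX_NAME_BYTES:
        raise UnsafeName("name longer than NAME_MAX")
    if untrusted in (".", ".."):
        raise UnsafeName("'.' and '..' are reserved path components")
    disallowed = set(untrusted) - ALLOWED
    if disallowed:
        raise UnsafeName(f"disallowed characters: {sorted(disallowed)!r}")
    return untrusted


def hex_encode_name(untrusted: str) -> str:
    """amk's 'sneaky' alternative: a lossless encoding whose output alphabet is [0-9a-f].
    The result can never contain '/', NUL or '..', and it round-trips, so the original
    name stays recoverable. Encoding doubles the length, which NAME_MAX still bounds."""
    raw = untrusted.encode("utf-8", "surrogateescape")
    if len(raw) * 2 > MAX_NAME_BYTES:
        raise UnsafeName("name longer than NAME_MAX once hex-encoded")
    return raw.hex()


def hex_decode_name(on_disk: str) -> str:
    """Inverse of hex_encode_name."""
    return bytes.fromhex(on_disk).decode("utf-8", "surrogateescape")


def contained_path(base: str, name: str) -> str:
    """Defence in depth after naming: resolve the candidate and insist that its parent
    is exactly the resolved base. This catches traversal ('..'), embedded separators,
    and a symlink an attacker managed to plant under the chosen name."""
    base_real = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(base_real, name))
    if os.path.dirname(candidate) != base_real:
        raise UnsafeName(f"{name!r} does not stay directly under {base_real!r}")
    return candidate
```

Use allowlist_name when the on-disk name must stay human-readable, hex_encode_name when the original characters must survive, and contained_path in either case before calling mkdir, so that a bug in the naming layer cannot turn into a write outside the intended directory.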
On Sat, 13 Sep 2003 16:08:52 +0100, Jim Dabell <ji********@jimdabell.com> wrote:

> I'm in the middle of writing a small app for Linux that needs to create
> directories that take their names from untrusted data. If possible, I'd
> like to preserve special characters rather than switching them with dummy
> characters. For instance, using bash, I'd just escape characters with
Preserving characters supplied by untrusted data sounds like you do
trust your supplier at least a little bit. Depending on how paranoid you
are and how secure you must be, this may be dangerous.
> backslashes when I want to create a directory name with, say, a slash in.

> I've been through the manual, Google and Usenet, and I've done a bit of
> experimenting, but I can't seem to find a way of doing this in python. The
Do what in Python?
Filtering chars or making dirs?
Both can easily be done in Python

Filtering:

    import string

    # keep ASCII letters only; every other character becomes '_'
    safename = ''
    for kar in untrustedname:
        if kar in string.ascii_letters:
            safename = safename + kar
        else:
            safename = safename + '_'

Making dir:

    import os

    os.mkdir(safename)

Obviously, the code above is extremely non-secure, you should do some
checking on existence of the directory name, provide an atomic creation
primitive, and set the access rights to something sensible.
> only thing I can think of is to spawn a bash shell to do it, which I'd
> rather not have to do. Does anybody have a better way of doing this?
> Also, are there any other things I should watch out for (e.g. excessively
> long names)?


Short answer: Everything, including all things you think you can trust.

Longer answer: Read a few docs about secure programming to get
sufficiently paranoid.

Albert
--
Unlike popular belief, the .doc format is not an open publicly available format.
Jul 18 '05 #3
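Albert lists the three things his sketch leaves out: checking for an existing entry, an atomic creation primitive, and sensible access rights. The following is an added example, not code from the thread, showing how those three fit together on Linux using only the standard library. It assumes the name has already passed a separate naming policy; the function and result names are choices made here. The demo builds a throwaway base directory and a planted dangling symlink as constructed input.

```python
import os
import stat
import tempfile

# Added example, not code from the thread. `name` is assumed to have passed a
# separate naming policy already; this function only deals with creating it safely.


def create_private_subdir(base: str, name: str, mode: int = 0o700) -> str:
    """Create base/name atomically with restrictive permissions and return its path.

    Existence is handled by mkdir(2) itself: it fails with EEXIST instead of reusing
    whatever is there. Creation is one atomic syscall, so there is no check-then-create
    window. The mode is pinned afterwards through a descriptor, because the kernel
    masks the `mode` argument with the process umask."""
    if not name or name in (".", "..") or "/" in name or "\x00" in name:
        raise ValueError("name must be a single, non-reserved path component")

    # Pin the parent to a descriptor. O_NOFOLLOW refuses a symlink standing in for
    # `base`; O_DIRECTORY refuses anything that is not a directory.
    dir_fd = os.open(base, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        # Atomic: either we created it, or FileExistsError (EEXIST). A pre-planted
        # symlink, file or directory under this name all land there; never reuse them.
        os.mkdir(name, mode, dir_fd=dir_fd)

        # Reopen what we just created relative to the pinned parent, again refusing
        # symlinks, and apply the permission and ownership checks to the descriptor
        # rather than to a path that could be swapped underneath us.
        new_fd = os.open(name, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW, dir_fd=dir_fd)
        try:
            os.fchmod(new_fd, mode)
            st = os.fstat(new_fd)
            if not stat.S_ISDIR(st.st_mode) or st.st_uid != os.geteuid():
                raise RuntimeError("created entry is not a directory owned by us")
        finally:
            os.close(new_fd)
    finally:
        os.close(dir_fd)
    return os.path.join(base, name)


def demo() -> dict:
    """Exercise the function in a throwaway base directory and report what happened."""
    base = tempfile.mkdtemp()
    results = {}
    created = create_private_subdir(base, "inbox")
    results["mode"] = stat.S_IMODE(os.stat(created).st_mode)
    try:
        create_private_subdir(base, "inbox")
        results["second_create"] = "reused"
    except FileExistsError:
        results["second_create"] = "refused"
    # Constructed attack: a dangling symlink planted where our directory would go.
    # mkdir does not follow the final component, so the kernel reports EEXIST
    # instead of creating through the link.
    os.symlink("/nonexistent/target", os.path.join(base, "planted"))
    try:
        create_private_subdir(base, "planted")
        results["planted_symlink"] = "followed"
    except FileExistsError:
        results["planted_symlink"] = "refused"
    try:
        create_private_subdir(base, "../escape")
        results["traversal"] = "allowed"
    except ValueError:
        results["traversal"] = "refused"
    return results


if __name__ == "__main__":
    print(demo())
```

The point of the descriptor-relative calls (dir_fd and fchmod on the opened directory) is that every operation after the initial open refers to the same inode, so an attacker who can rename entries inside `base` between syscalls gains nothing; an `os.path.exists()` check followed by `os.mkdir()` would leave exactly that gap.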
