Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!bgsuvax!denbeste
From: denbeste@bgsuvax.UUCP (William C. DenBesten)
Newsgroups: comp.sources.d
Subject: Re: alt.sources archiving
Message-ID: <3879@bgsuvax.UUCP>
Date: 21 Mar 89 22:50:13 GMT
References: <2165@helios.ee.lbl.gov>
Organization: Bowling Green State University B.G., Oh.
Lines: 45

Jef Poskanzer in <10985@well.UUCP> writes:
# Why do you want to store the postings in a filename specified by the poster,
# with all the security issues that brings up?

In the referenced message, kent@ssbell.UUCP (Kent Landfield) wrote:
} I really fail to see a security issues problem as long as archivers do not
} use absolute paths.

From article <2165@helios.ee.lbl.gov>, by jef@ace.ee.lbl.gov (Jef Poskanzer):
> Everyone keeps failing to see the security issue. All right, I'll be
> specific: ...
> there could be an accidental name-space collision.

If you want to avoid name-space collisions, have your archiver check for
collisions. When (and if) you find a collision, find a new name to use.
You could make the pathname relative (not absolute) at the same time.

E.g.:
-----------------------------------------
set origname = "$filename"
# check for absolute pathname; strip any leading slashes to make it relative
if ("$filename" =~ /*) set filename = `echo "$filename" | sed 's:^/*::'`
# resolve any collisions
while (-e "$filename")
  set filename = "X-$filename"
end
# report any anomalies
if ("$origname" != "$filename") then
  mail -s "archiver: $origname conflict." $user << EOF
Archiver notice:
$origname caused a conflict and was archived as $filename.
EOF
endif
-----------------------------------------

IMHO, security must begin at home.

Beware, however, I have not tested this code.

-- 
William C. DenBesten   denbeste@bgsu.edu   denbesten@bgsuopie.bitnet
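
An added example, not part of the original post: the archiver check from the message above written as a POSIX sh function, going beyond the posted snippet by also rejecting `..` path components and by treating dangling symlinks as collisions. The function name `safe_archive_name` and its two-argument interface are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post).
# safe_archive_name ARCHIVE_DIR REQUESTED_NAME
#   Prints the relative name to store the posting under, inside ARCHIVE_DIR.
#   Returns 1 (printing nothing) if the requested name must be rejected.
# The function name and interface are hypothetical.
safe_archive_name() {
    _dir=$1
    _name=$2

    # Strip every leading slash so the name can never be absolute.
    while [ "${_name#/}" != "$_name" ]; do
        _name=${_name#/}
    done

    # Reject empty names, names ending in "/", and any ".." component,
    # which would let the poster climb out of the archive directory.
    case "/$_name/" in
        */../*|*//) return 1 ;;
    esac

    # Split into directory prefix and final component so the collision
    # prefix is applied to the file name, not to the first directory.
    _base=${_name##*/}
    case "$_name" in
        */*) _prefix=${_name%/*}/ ;;
        *)   _prefix= ;;
    esac

    # Resolve collisions. -L catches dangling symlinks, which -e misses.
    while [ -e "$_dir/$_prefix$_base" ] || [ -L "$_dir/$_prefix$_base" ]; do
        _base=X-$_base
    done

    printf '%s\n' "$_prefix$_base"
}
```

The caller should compare the printed name with the requested one and send the conflict notice when they differ, as the posted snippet does.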