On Thu, Apr 25, 2002 at 02:43:07PM +0100, John Rowe wrote: > [...] > > I'm guessing that you, like the rest of us, restrict the ability to write > those files to a limited set of system personel but allow ordinary users > to write HTML/XML files. > > The *valid* comparison is with the 'include' directive in mod_exec which > tries not to allow access to files outside the document tree. It: > > 1. respects .htaccess permissions. > > 2. refuses to allow either absoluute pathnames or those starting > with '../' > > 3. allows a 'virtual' value which is treated as a URL. > > Which is roughly how I say axkit should behave. Having file:// urls allows > someone with partial access to the system (say an exported subdirectory of > the document root) leverage their permissions to get axkit to look at > other parts of the hosts directory tree.
But resrticting file level access is something best left to the operating system. I'd say that depending on an _application_ to keep a client within a certain branch of the file system tree is rather dangerous. If you want to be paranoid, run your server in a changerooted environment. Otherwise, use the file systems permissions to disable even read access of the files you want to stay secure. > > > It does do that. That was the whole problem in this thread. The bug that > > Markus is stuck with is a bug in nsgmls, not in AxKit (modulo the problem > > with relative URIs he's seeing). > > Maybe I'm doing something wrong (I'm very new to xml). If I have an XML > file starting: > > <?xml version="1.0"?> > <!DOCTYPE localdoc SYSTEM "/usr/local/share/sgml/dtd/local/localdoc.dtd" [ > ]> > <?xml-stylesheet href="/xml/localdoc.xsl" type="text/xsl"?> I hope this doesn't sound nit-picky, but your SYSTEM identifier is a relative URL (it lacks the scheme name - rfc2396, 3.1 Scheme Component). So, the xml parser has to resolve the external entity as a relative URL. Now, how is this 'relative' to be interpreted? According to the REC-xml-20001006 documentation (section 4.2, External Entities): | Unless otherwise provided by information outside the scope of this specification | (e.g. a special XML element type defined by a particular DTD, or a processing |instruction | defined by a particular application specification), relative URIs are relative to |the | location of the resource within which the entity declaration occurs. so, '/usr/local/share/sgml/dtd/local/localdoc.dtd' has to be interpreted as a file path relative to the xml document. Isn't this exactely what's happening? BTW, commenting on 'Unless otherwise provided by ...': libXML has the ability to both use an DTD catalog as well as substitute the external entity resolver. I'm not aware of a way to replace the external entity resolver with a perl routine, but Matt might have more information :-) Ralf Mattes > > Then my apache logs complain about a missing 'usr' directory in the > directory where the xml file lives, not the document root. I would > appreciate advice on how to properly specify the file. > > John > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
