On Mon, Mar 16, 2009 at 12:17 PM, Thomas Roessler <t...@w3.org> wrote:
> I'd suggest this instead:
>
>> Implementations should be careful about trusting path components found in
>> the zip archive: Such path components might be interpreted by operating
>> systems as pointing at security-critical files outside the widget
>> environment proper, and naive unpacking of widget archives into the file
>> system might lead to undesirable and security-relevant effects, e.g.,
>> overwriting of startup or system files.
>
> What do you think?
I support this change. Makes sense.

The other thing is to force implementations of the dig sig spec to verify that a path conforms to a zip-relative-path as defined in the packaging spec. And that we check that zip-relative-paths as defined in the P&C spec are as secure as possible.

--
Marcos Caceres
http://datadriven.com.au
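As an added illustration of the kind of entry-name check discussed above (example code, not from the Widgets specs or from anyone in this thread), a small Python validator that flags archive entries whose names could escape the unpack directory; its rules are an assumption for demonstration and are not the P&C spec's zip-relative-path grammar:

```python
import io
import zipfile


def is_safe_zip_relative_path(name: str) -> bool:
    """Return True only if the entry name is a plain relative path that
    stays inside the unpack directory after segment-wise inspection.
    Rules (illustrative, not the Widgets P&C grammar):
      - non-empty, no NUL bytes
      - forward slashes only (backslashes are rejected, not converted)
      - no leading '/', no Windows drive-letter prefix such as 'C:'
      - no '.', '..' or empty segments (so no '//')
    """
    if not name or "\0" in name or "\\" in name:
        return False
    if name.startswith("/"):
        return False
    # Conservative: any ':' in the second position is treated as a drive letter.
    if len(name) >= 2 and name[1] == ":":
        return False
    segments = name.split("/")
    # A single trailing slash marks a directory entry; allow that empty tail.
    if segments[-1] == "":
        segments = segments[:-1]
    return all(seg not in ("", ".", "..") for seg in segments)


def unsafe_entries(zip_bytes: bytes) -> list:
    """Return the names of archive entries that fail the check, so an
    unpacker can refuse the whole package before writing anything."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [n for n in zf.namelist() if not is_safe_zip_relative_path(n)]


def build_sample_widget() -> bytes:
    """Constructed sample archive: two benign entries and three hostile
    names of the kind the quoted spec text warns about."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("config.xml", "<widget/>")
        zf.writestr("icons/icon.png", b"\x89PNG")
        zf.writestr("../../etc/passwd", "x")   # parent traversal
        zf.writestr("/etc/cron.d/job", "x")    # absolute path
        zf.writestr("C:\\boot.ini", "x")       # drive letter + backslash
    return buf.getvalue()


if __name__ == "__main__":
    print("rejected entries:", unsafe_entries(build_sample_widget()))
```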