https://bugzilla.wikimedia.org/show_bug.cgi?id=67402
Bug ID: 67402
Summary: Have SvgHandler create a directory for its RSVG input files
Product: MediaWiki
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: Unprioritized
Component: File management
Assignee: [email protected]
Reporter: [email protected]
CC: [email protected], [email protected],
[email protected], [email protected],
[email protected], [email protected]
Web browser: ---
Mobile Platform: ---
RSVG has recently changed its external entity expansion policy, from allowing
access to all local files to only allowing files in the same directory as the
input file. This is not sufficiently secure for us as it is, since input files
are typically in /tmp and there may be all sorts of private data in /tmp, owned
by apache.

However, it would be nice to securely support the new stock RSVG, so that we
can stop maintaining our security patch, and so that external users can use
RSVG without patching it. So, I propose having SvgHandler create a new
temporary directory on transform, and having it copy (or symlink if RSVG's
security policy allows) the source files into that directory.

We are planning on migrating to Ubuntu 14.04 soon, which means either porting
the security patch or implementing this proposal, hence it is fairly urgent.
_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
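
The approach proposed in the report, sketched as an added example; this is not code from the bug report or from MediaWiki's SvgHandler. The function name renderSvgIsolated, the "svg-" directory prefix and the input.svg file name are hypothetical, and the sketch assumes PHP 7 or later with rsvg-convert on the PATH.

```php
<?php
// Added illustration, not MediaWiki code. renderSvgIsolated() is a hypothetical name.
// Goal: the directory RSVG may read from contains the input file and nothing else.

function renderSvgIsolated( string $srcPath, string $dstPath, int $width ): bool {
	// Unpredictable name; mkdir() fails if the path already exists, so a
	// directory or symlink planted in advance by another user is never reused.
	$dir = null;
	for ( $i = 0; $i < 5 && $dir === null; $i++ ) {
		$candidate = sys_get_temp_dir() . '/svg-' . bin2hex( random_bytes( 16 ) );
		if ( @mkdir( $candidate, 0700 ) ) {
			$dir = $candidate;
		}
	}
	if ( $dir === null ) {
		return false;
	}
	$input = "$dir/input.svg";
	try {
		// Copy rather than symlink: the report leaves open whether RSVG's
		// policy permits symlinked input.
		if ( !copy( $srcPath, $input ) ) {
			return false;
		}
		// The output is written outside $dir, so the directory never holds
		// anything but the single input file.
		$cmd = 'rsvg-convert -w ' . escapeshellarg( (string)$width ) .
			' -o ' . escapeshellarg( $dstPath ) . ' ' . escapeshellarg( $input );
		exec( $cmd, $output, $status );
		return $status === 0;
	} finally {
		// Always remove the copy and the directory, including on failure.
		if ( is_file( $input ) ) {
			unlink( $input );
		}
		rmdir( $dir );
	}
}

// Constructed sample input; runs only when this file is executed from the CLI.
if ( PHP_SAPI === 'cli' && realpath( $argv[0] ?? '' ) === __FILE__ ) {
	$src = tempnam( sys_get_temp_dir(), 'src' );
	file_put_contents( $src, '<svg xmlns="http://www.w3.org/2000/svg" ' .
		'width="10" height="10"><rect width="10" height="10"/></svg>' );
	var_dump( renderSvgIsolated( $src, "$src.png", 64 ) );
	unlink( $src );
}
```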