[Issue 3420] Allow string import of files using subdirectories
d-bugmail at puremagic.com
d-bugmail at puremagic.com
Mon Sep 20 04:45:45 PDT 2010
http://d.puremagic.com/issues/show_bug.cgi?id=3420
Don <clugdbug at yahoo.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|[PATCH] Allow string import |Allow string import of
|of files using |files using subdirectories
|subdirectories |
Severity|regression |enhancement
--- Comment #19 from Don <clugdbug at yahoo.com.au> 2010-09-20 04:45:03 PDT ---
This link:
https://www.securecoding.cert.org/confluence/display/seccode/FIO02-C.+Canonicalize+path+names+originating+from+untrusted+sources
states that:
"Producing canonical file names for Windows operating systems is extremely
complex and beyond the scope of this standard. The best advice is to try to
avoid making decisions based on a path, directory, or file name [Howard 2002].
Alternatively, use operating-system-based mechanisms, such as access control
lists (ACLs) or other authorization techniques."
Thus, this issue might not be fixable on Windows.
I'm downgrading this all the way from 'regression' to 'enhancement', since it
was a security bug that it ever worked at all. Perhaps the bug should just be
closed.
--
Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
More information about the Digitalmars-d-bugs
mailing list