[xml] Question about security implications around external entities
- From: Mike Dalessio <mike dalessio gmail com>
- To: xml <xml gnome org>
- Subject: [xml] Question about security implications around external entities
- Date: Mon, 1 Oct 2012 14:36:10 -0400
Hi,
If I parse a document that references a local file, like this:
```xml
<!DOCTYPE root [ <!ENTITY ent SYSTEM "file:///etc/passwd"> ]>
<root>
<e>&ent;</e>
</root>
```
There is no obvious way to avoid having libxml2 open `/etc/passwd`. You may be able to avoid replacing the entity by setting the NOENT option; however, there is still a possible vulnerability here. I can avoid loading external entity files that are accessed over the network by setting the NONET parse option; there is no equivalent for local file access.
My question is this: what's the official libxml2 policy on this? Should users of libxml2 who are parsing untrusted documents do their parsing in a `chroot` environment to limit file access? Is there some other workaround? Are the maintainers open to a parse option that will turn off local file access? Is there something obvious that I'm missing?
Thanks very much for your attention.
-mike
---
mike dalessio / @flavorjones
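One way to screen untrusted input for the gap the message describes, as an added example that is not part of the original post and is not libxml2 code: a scan with Python's standard-library expat bindings that lists every external DTD subset and external entity a document declares, so documents can be refused before they reach the real parser. The function names, the sample documents and the set of schemes counted as "network" are assumptions made for this illustration.

```python
from urllib.parse import urlsplit
from xml.parsers import expat

# Schemes counted as "network": an assumption modelled on the post's
# description of NONET, not taken from libxml2's source.
NETWORK_SCHEMES = {"http", "https", "ftp"}


def external_references(xml_bytes):
    """List (kind, name, system_id, where) for each external DTD subset or
    external entity the document declares, without fetching anything."""
    found = []

    def where(system_id):
        scheme = urlsplit(system_id).scheme.lower()
        return "network" if scheme in NETWORK_SCHEMES else "local"

    def on_doctype(name, system_id, public_id, has_internal_subset):
        if system_id is not None:
            found.append(("dtd", name, system_id, where(system_id)))

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        # Internal entities carry a value; external ones only a system id.
        if value is None and system_id is not None:
            kind = "parameter-entity" if is_param else "entity"
            found.append((kind, name, system_id, where(system_id)))

    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    # No ExternalEntityRefHandler is set, so this scan opens no file or URL.
    parser.Parse(xml_bytes, True)
    return found


def is_acceptable(xml_bytes):
    """Gate for untrusted input: refuse malformed documents and any document
    declaring an external reference, whether local or network."""
    try:
        return not external_references(xml_bytes)
    except (expat.ExpatError, ValueError):
        return False


# Constructed samples: the document from the post, a network variant, a plain one.
LOCAL_DOC = (b'<!DOCTYPE root [ <!ENTITY ent SYSTEM "file:///etc/passwd"> ]>\n'
             b"<root>\n<e>&ent;</e>\n</root>")
NETWORK_DOC = LOCAL_DOC.replace(b"file:///etc/passwd", b"http://example.invalid/x")
PLAIN_DOC = b"<root><e>text</e></root>"
```

The gate refuses both `LOCAL_DOC` and `NETWORK_DOC`; the `where` field only records which of the two a network-only filter would have caught. Because the scan uses a different parser from the one that later processes the document, it is a first filter and not a replacement for restricting file access in the consuming parser.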