[Widelands-dev] [Bug 724344] Re: Security issue in sending files in network game
how should we handle this? Should we issue a build 15 security update? build 15.1? I am against this, as builds are 'beta' by definition. I suggest informing our user base and push the update in build 16. This should also speed up adaption of build 16, nor? -- You received this bug notification because you are a member of Widelands Developers, which is a direct subscriber. https://bugs.launchpad.net/bugs/724344 Title: Security issue in sending files in network game Status in Widelands: Fix Committed Bug description: Network games have capability to send savegames and maps over network. Receiving player first checks if the file exists, and if it exists, existing file is renamed before new file is received. Handling of the received file is not secure as FileSystem classes support using ".." in path to go out of filesystem root. For example sending a file name like "../.bashrc" allows some nasty things to happen. To fix this issue either FileSystem code should enforce that file accesses stay within created file system's root. Alternatively paths coming from network should be validated and "..", "~" and "/" accesses should be filtered out. Perhaps it's wise to implement both. ___ Mailing list: https://launchpad.net/~widelands-dev Post to : widelands-dev@lists.launchpad.net Unsubscribe : https://launchpad.net/~widelands-dev More help : https://help.launchpad.net/ListHelp
[Widelands-dev] [Bug 724344] Re: Security issue in sending files in network game
Jepp that would be the other possibility. I already pushed the fix to the build15 branch + another fix for a compiletime error with newer gcc versions (already fixed in trunk since some months) - however if we decide to keep Build15 as it is, this should not be a problem, or do you think? The only thing we should take care of is to provide a fixed package for our players, when informing them about the issue - so ither build16rc1 or Build15.1 (or whatever) -- You received this bug notification because you are a member of Widelands Developers, which is a direct subscriber. https://bugs.launchpad.net/bugs/724344 Title: Security issue in sending files in network game Status in Widelands: Fix Committed Bug description: Network games have capability to send savegames and maps over network. Receiving player first checks if the file exists, and if it exists, existing file is renamed before new file is received. Handling of the received file is not secure as FileSystem classes support using ".." in path to go out of filesystem root. For example sending a file name like "../.bashrc" allows some nasty things to happen. To fix this issue either FileSystem code should enforce that file accesses stay within created file system's root. Alternatively paths coming from network should be validated and "..", "~" and "/" accesses should be filtered out. Perhaps it's wise to implement both. ___ Mailing list: https://launchpad.net/~widelands-dev Post to : widelands-dev@lists.launchpad.net Unsubscribe : https://launchpad.net/~widelands-dev More help : https://help.launchpad.net/ListHelp
[Widelands-dev] [Bug 724344] Re: Security issue in sending files in network game
Okay, so I suggest we pressure on with build 16. I'd suggest we post the security issue right away on the website as Jari suggested and also mention that build 16 will contain the fix. Only joining trusted games should not be a strong restriction. -- You received this bug notification because you are a member of Widelands Developers, which is a direct subscriber. https://bugs.launchpad.net/bugs/724344 Title: Security issue in sending files in network game Status in Widelands: Fix Committed Bug description: Network games have capability to send savegames and maps over network. Receiving player first checks if the file exists, and if it exists, existing file is renamed before new file is received. Handling of the received file is not secure as FileSystem classes support using ".." in path to go out of filesystem root. For example sending a file name like "../.bashrc" allows some nasty things to happen. To fix this issue either FileSystem code should enforce that file accesses stay within created file system's root. Alternatively paths coming from network should be validated and "..", "~" and "/" accesses should be filtered out. Perhaps it's wise to implement both. ___ Mailing list: https://launchpad.net/~widelands-dev Post to : widelands-dev@lists.launchpad.net Unsubscribe : https://launchpad.net/~widelands-dev More help : https://help.launchpad.net/ListHelp
