[Zope] Prevent image-reloading...
Ross J. Reedstrom
reedstrm@rice.edu
Tue, 16 Feb 1999 13:22:36 -0600
Michael Bernstein wrote:
<snipped>
> /
> /images
> /a
> /b
> /c
>
> it is entirely possible to go to the following URL:
>
> www.yourdomain.com/a/b/c/b/c/a/b/a/c/b/images/someimage.gif
>
> and actually retrieve the image. Directories are subject to acquisition
> just like Methods are, so beware of referring to sibling directories as
> sub-directories when creating relative URL's. The browser (correctly)
> sees most of these images as having distinct URL's, and so does not
> retrieve them from the cache.
This behavior of acquiring subdirectories leads to some very interesting
issues, especially given the prevalence of buffer-overflow problems
showing up in all sorts of software these days. I noticed that a
directory even inherits _itself_ as a subdir, so
www.your.domain.com/a/b/c/c/c/c/c/c/c/c/c/c/c/c... is a possibility.
Reminds me of an old DOS exploit, involving subdir nesting > 256(?).
Anyone want to come up with a take on the security impact of this? At
minimum, I'd think you can kill browsers with this, perhaps take them
over. It's not really a problem with Zope, just an interesting side
issue.
Ross
--
Ross J. Reedstrom, Ph.D., <reedstrm@rice.edu>
NSBRI Research Scientist/Programmer
Computer and Information Technology Institute
Rice University, 6100 S. Main St., Houston, TX 77005
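
Added example, not part of the original message and not Zope's own code: a simplified Python model of the acquisition lookup discussed in this thread, run on the quoted folder layout, that maps a padded URL back to a single canonical path so a server can redirect to it (restoring browser caching) or a log reviewer can flag it. The tree contents and the names `SITE`, `resolve` and `redirect_target` are assumptions made for illustration; real Zope traversal has more rules than this model.

```python
# Simplified model of acquisition-style URL traversal (an assumption for
# illustration, not Zope's implementation).

# Constructed site tree matching the layout quoted in the message:
# images, a, b and c are all siblings directly under the root folder.
SITE = {
    "images": {"someimage.gif": None},  # None marks a non-folder object
    "a": {},
    "b": {},
    "c": {},
}


def resolve(url_path, site=SITE):
    """Return the physical path of the object a URL reaches, or None (404).

    Each URL segment is looked up in the current object first, then in every
    object already traversed, innermost first. That fallback is what lets
    sibling folders (and a folder itself) appear as sub-folders.
    """
    chain = [((), site)]  # (physical path, children) pairs, root first
    for name in (seg for seg in url_path.split("/") if seg):
        for phys, children in reversed(chain):
            if children and name in children:
                chain.append((phys + (name,), children[name]))
                break
        else:
            return None  # name not found anywhere in the traversal chain
    return "/" + "/".join(chain[-1][0])


def redirect_target(url_path, site=SITE):
    """Return the canonical path when the request used a padded URL.

    Returns None when the URL is already canonical or does not resolve.
    """
    canonical = resolve(url_path, site)
    requested = "/" + "/".join(seg for seg in url_path.split("/") if seg)
    return canonical if canonical and canonical != requested else None


if __name__ == "__main__":
    for url in ("/a/b/c/b/c/a/b/a/c/b/images/someimage.gif",
                "/a/b/c/c/c/c/c/c",
                "/images/someimage.gif"):
        print(url, "->", resolve(url), "| redirect:", redirect_target(url))
```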