tags:

views:

41

answers:

3
Q: 

Regexp for chroot-like path building in a Linux environment

Consider the following security problem:

I have a static base path (/home/username/) to which I append a user-controlled sub-path (say foo/bar.txt). The content of this file is then read and presented to the user.

In the case described the full path would be: /home/username/foo/bar.txt

Now to the problem. I want to control so that the full path is always a subdirectory of the static base path. In other words I don't want the user to supply a path such that the base path is escaped.

The following full path is OK:

/home/username/foo/bar.txt

Whereas this one is one is clearly not safe:

/home/username/foo/../../../etc/passwd

To complicate matters further the proper solution of chroot:ing to the base path is not available. Due to various reasons the only available solution is to use a regexp to differentiate between safe and unsafe paths.

Given the problem outlined above, what is the proper regexp?

Please note:

  • The code will run under Linux. The path separator is hence /.
  • The question is totally language agnostic.
  • Please do not suggest other ways to solve the problem. I know that there are alternative better ways to solve it (such as chroot:ing), but this question is restricted to the regexp solution only.
+1  A: 

You can simply reject any user input that matches /(^|\/)\.\.(\/|$)/

That means: if it contains /../ or begins with ../ or ends with /.. or is ..

Leventix  2009-11-13 22:09:49
But you have to make sure, that you prepend '/home/username/', otherwise `~/something` or `/var/log` will cause problems.
Leventix  2009-11-13 22:12:45
A: 

I believe it can't be done using just one single regexp. Regexps can't count anything, while here you definitely need to count the number of ../

However, you may try using recursive regexps and check for recursive nesting of ([[:alpha:]]+/..), like [[:alpha:]]+(\R)|..

I agree that it is better to forbid ../ at all

Dmitry  2009-11-13 22:12:17
+1  A: 

If you don't want to reject it outright, just strip any "../" from the path, like this :

sed -e 's/\..\///g'

You should be aware that there could be files in the directory hierarchy that you allow that are linked to directories outside of that hierarchy.

Without using chroot I don't think there is a way that you can guarantee for it to be totally safe.

Tim  2009-11-13 22:15:06

related questions

How to transition to Functional Programming
List of the top Programming "shows"
How to contribute code back to an Open Source project?
What is Test Driven Development (TDD)?
pass by reference or pass by value?
Could you recommend a good free project hosting website?
Writing A "Conway's Game of Life" Program
Learning to write a compiler
How can I modify .xfdl files? (Update #1)
Followup: "Sorting" colors by distinctiveness
Followup: Finding an accurate "distance" between colors
Windows Help files - what are the options?
A little diversion into floating point (im)precision, part 1
Internationalization in your projects
Efficiently get sorted sums of a sorted list
Format string to title case
GUI Programming APIs
Using combinations of sets as test data
What books would you recommend for a beginning Software Developer?
The Definitive Guide To Website Authentication
What is your solution to the FizzBuzz problem?
Generate list of all possible permutations of a string
When to use unsigned values over signed ones?
Function for creating color wheels
Fastest way to get value of pi