gaurav jain

Reputation: 3234

Java canonical path security

I'm studying Android security vulnerabilities, and since Java is being used, the attacks in the language also need to be addressed.

I'm studying from this link.

I have a fair idea about canonical paths, absolute paths, and relative paths in Linux. But I don't follow this statement:

However, the user can still specify a file outside the intended directory by entering an argument that contains ../ sequences

I know .. refers to the parent of the present directory in which the file is present, but I cannot understand how an attacker might end up using .. to craft malicious file paths that aren't part of the /img/ directory (mentioned in the article), and still be able to succeed. I'm searching for any examples that might take advantage of this vulnerability and get past the security check. Any help would be much appreciated.

Upvotes: 0

Views: 2392

Answers (1)

Neil Masson

Reputation: 2689

Say you have some configuration that allows programs in /path/to/safe/directory/ to be executed. Users can specify the programs they want such as nice1 which is found in your safe directory. But what if the user specifies a program such as ../../totally/evil/nasty? If the program name is not checked for .. characters, you can end up executing the program /path/to/totally/evil/nasty.

The message is that you must sanitise user input to make sure it does not subvert your security policy.

Upvotes: 0
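
The scenario from the answer, as an added Java example that is not part of the original answer: a prefix check on the path as typed accepts the `..` input, while a check on the canonical path rejects it. The class and method names are hypothetical; the directory and inputs are the ones from the answer and do not need to exist on disk.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Path;

public class CanonicalPathCheck {
    // Safe directory from the answer above (assumed; need not exist).
    static final File SAFE_DIR = new File("/path/to/safe/directory");

    // Weak check: string prefix test on the path as typed.
    // The ".." components are still in the string, so the prefix matches.
    static boolean naiveAllowed(String userInput) {
        File requested = new File(SAFE_DIR, userInput);
        return requested.getPath().startsWith(SAFE_DIR.getPath() + File.separator);
    }

    // Hardened check: resolve "." / ".." (and symlinks that exist) first,
    // then compare whole path components rather than raw string prefixes.
    static boolean canonicalAllowed(String userInput) throws IOException {
        Path base = SAFE_DIR.getCanonicalFile().toPath();
        Path requested = new File(SAFE_DIR, userInput).getCanonicalFile().toPath();
        return requested.startsWith(base);
    }

    public static void main(String[] args) throws IOException {
        // Both inputs are taken from the answer above.
        String[] inputs = { "nice1", "../../totally/evil/nasty" };
        for (String in : inputs) {
            File f = new File(SAFE_DIR, in);
            System.out.printf("input: %s%n", in);
            System.out.printf("  as typed : %s%n", f.getPath());
            System.out.printf("  canonical: %s%n", f.getCanonicalPath());
            System.out.printf("  naive check allows: %b, canonical check allows: %b%n",
                    naiveAllowed(in), canonicalAllowed(in));
        }
    }
}
```

`Path.startsWith` compares path components, so a sibling such as `/path/to/safe/directory2` is not mistaken for a child of the safe directory, which a plain `String.startsWith` on the canonical string without a trailing separator would allow.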
