cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jorg Heymans ...@domek.be>
Subject Re: variable substitution in @type attributes
Date Wed, 04 Feb 2004 15:52:21 GMT
> 
> Moreover, the use case shows a component type coming directly for the 
> request URI, which is a giant door open to "component injection" by 
> providing a value for the type that is not in the expected values and 
> executes arbitrary code on the server.
Wooo hold on here, what you just described sounds a bit like a buffer 
overflow type of exploit, a bit of overkill i think.

Granted, if i can
1) upload my component
2) reload/restart the servlet container
3) get my components initialize() to run

then i'm in business. But how feasible is this? Worst case would be if 
the user configured fileuploads to go to web-inf/lib or web-inf/classes 
but then you're in trouble anyway because i'll upload my custom servlet 
class that overwrites the cocoon servlet.

Understanding your concerns, but needing a higher than extremely 
unlikely and isolated usecase,

Jorg


Mime
View raw message