如何对给定路径(来自 Web 服务器)执行安全检查以提供文件
我需要为网络服务器编写一个小文件服务组件。服务中存在很多问题 文件。因为“原样”是一个很大的安全漏洞,像这样
www.somesite.com/../../../../etc/passwd
有很多问题,包括“..”解析和许多其他问题,比如在Windows下有很多“引用某些路径的不寻常方法”。符号链接也存在一些问题......它们可能会让我们远离文档根目录。
有没有关于提供文件并对文件执行安全检查的好文章或材料?
谢谢。
PS:我主要需要 POSIX 系统的解决方案,但我也需要 Win32 的解决方案。
PPS:
- 检查“..”和符号链接对于 POSIX 系统是否足够? (据我所知,Windows 不支持)
- 据我记得 Windows 为这些目的提供了某种 API,有人可以指出吗?
为什么我需要这个:
CppCMS 有一个用于调试目的的简单内部 Web 服务器(我写过一个),我试图弄清楚让这个服务器在现实世界中完全有用(即直接在 80 处监听,而不是在 Web 服务器和 FastCGI 或 SCGI 连接器后面运行)有多难。
这是一个 文件我现在使用的服务应用程序。它进行非常原始的检查。我主要想让它安全。
我的答案:
似乎已经足够好了...
简而言之:在 UNIX 下使用 realpath ,在 Windows 下使用 GetFullPathName 。
最后说明:如果有建议更详细的功能,我会接受它(特别是对于 Win32,路径测试很痛苦......)
I need to write a small file serving component for web server. There are lots of issues serving
files. Because "as-is" serving as big security hole, like this
www.somesite.com/../../../../etc/passwd
There are many issues including ".." resolving and many others like under windows there are many "unusual ways to refer to some path". Also there are some issues with symbolic links... They may drive us away of document-root.
Is there any good article or material about serving files and performing security checks on them?
Thanks.
P.S.: I need solution mostly for POSIX systems but I need a solution for Win32 as well.
P.P.S:
- Does check for ".." and symbolic links is sufficient for POSIX systems? (As far as I know it does not for Windows)
- As far as I remember Windows provides some kind of API for these purposes, can somebody point to it?
Why do I need this:
CppCMS has a simple internal web server for debugging purposes (I had written one), I try to figure out how hard would it be to make this server fully useful for real world (i.e. listen at 80 directly rather then run behind a web server and FastCGI or SCGI connector).
This is a file serving application that I use at this point. It does very primitive checks. I mostly want make it safe.
My Answer:
There is an answer https://www.securecoding.cert.org/confluence/display/seccode/FIO02-C.+Canonicalize+path+names+originating+from+untrusted+sources
Seems to be good enough...
In short: use realpath under UNIX and GetFullPathName under Windows.
Final note: if something would suggest more detailed functionality I would accept it (especially for Win32 where path tests are pain-in-...)
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
至于 Windows API 产品,有一组以
Path和Url开头的 Shell 函数,可以帮助标准化目录、路径和文件名。例如,PathCanonicalize将帮助您将任意路径转换为标准形式。从那里您可以进行进一步的分析。一般来说,使用允许的特定事物列表,而不是禁止的事物列表。坏人总是会想出你意想不到的新东西。
As for the Windows API offerings, there are a collection of Shell functions that begin with
PathandUrlthat can help normalize directories, paths, and file names. For example,PathCanonicalizewill help you get an arbitrary path into a standard form. From there you can do further analysis.In general, work with a specific list of things to allow, rather than a list of things to disallow. Bad guys will always think of new things that you didn't anticipate.
看来您正在处理路径遍历 - http://www.owasp.org/index.html php/Path_Traversal。
该链接主要涉及网络应用程序,但我认为其中的一些信息会有帮助。我认为 POSIX 系统上的最佳实践是 chroot 并且不允许访问应用程序根目录之外的路径。
It seems like you are dealing with Path Traversal - http://www.owasp.org/index.php/Path_Traversal.
That link mainly deals with web applications, but I think that some of the information there will be helpful. I think the best practice on a POSIX system is to chroot and not allow access to a path outside of the root of the application.