author | Daniel Veillard <veillard@src.gnome.org> | 2002-10-10 15:26:25 +0000 |
---|---|---|
committer | Daniel Veillard <veillard@src.gnome.org> | 2002-10-10 15:26:25 +0000 |
commit | 159d00a5a00cf3a9049dda9daa7455d7272afcfc (patch) | |
tree | 25fb867c51dcc032e70120903dfa5a08a0b48e33 /xsltproc | |
parent | 2ae9ba850c46c24f92c9895c98adabbf69e940dd (diff) | |
new module with runtime security checks, it will also check and do
* libxslt/security.[ch] libxslt/Makefile.am: new module with
runtime security checks, it will also check and do directory
creation when allowed
* libxslt/documents.c libxslt/imports.c libxslt/transform.c
libxslt/xslt.c libxslt/xsltInternals.h: plug-in the new
security infrastructure probes at file reading or file creation
* xsltproc/xsltproc.c: plugged the security module there too,
added the new options --nowrite and --nomkdir
* doc/*: updated the man page and regenerated.
Daniel
Diffstat (limited to 'xsltproc')
-rw-r--r-- | xsltproc/xsltproc.c | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/xsltproc/xsltproc.c b/xsltproc/xsltproc.c
index 72eff0e6..88a6dd6a 100644
--- a/xsltproc/xsltproc.c
+++ b/xsltproc/xsltproc.c
@@ -49,6 +49,7 @@
 #include <libxslt/transform.h>
 #include <libxslt/xsltutils.h>
 #include <libxslt/extensions.h>
+#include <libxslt/security.h>
 #include <libexslt/exsltconfig.h>
@@ -381,6 +382,8 @@ static void usage(const char *name) {
 printf("\t use stringparam to avoid it\n");
 printf("\t--stringparam name value : pass a (parameter, UTF8 string value) pair\n");
 printf("\t--nonet refuse to fetch DTDs or entities over network\n");
+ printf("\t--nowrite refuse to write to any file or resource\n");
+ printf("\t--nomkdir refuse to create directories\n");
 #ifdef LIBXML_CATALOG_ENABLED
 printf("\t--catalogs : use SGML catalogs from $SGML_CATALOG_FILES\n");
 printf("\t otherwise XML Catalogs starting from \n");
@@ -400,6 +403,7 @@ main(int argc, char **argv)
 int i;
 xsltStylesheetPtr cur = NULL;
 xmlDocPtr doc, style;
+ xsltSecurityPrefsPtr sec = NULL;
 if (argc <= 1) {
 usage(argv[0]);
@@ -411,6 +415,8 @@ main(int argc, char **argv)
 LIBXML_TEST_VERSION
 xmlLineNumbersDefault(1);
+ sec = xsltNewSecurityPrefs();
+ xsltSetDefaultSecurityPrefs(sec);
 for (i = 1; i < argc; i++) {
 if (!strcmp(argv[i], "-"))
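Review bot: In the hunk at -411 in main(), the result of `xsltNewSecurityPrefs()` is handed straight to `xsltSetDefaultSecurityPrefs(sec)` without a NULL check, so an allocation failure would presumably leave the tool running with no preferences installed. The `-nowrite`/`-nomkdir` branches in the hunk at -478 also discard the return value of `xsltSetSecurityPrefs()`, so in that case the restrictions the user asked for would silently not apply. The library side lives in libxslt/security.c, outside this diffstat, so this should be confirmed there. A restriction option should fail closed, e.g. `if (sec == NULL) { fprintf(stderr, "xsltproc: cannot allocate security preferences\n"); return(1); }` right after the allocation. main()'s body continues outside the hunk.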
@@ -478,6 +484,18 @@ main(int argc, char **argv)
 } else if ((!strcmp(argv[i], "-nonet")) ||
 (!strcmp(argv[i], "--nonet"))) {
 xmlSetExternalEntityLoader(xmlNoNetExternalEntityLoader);
+ } else if ((!strcmp(argv[i], "-nowrite")) ||
+ (!strcmp(argv[i], "--nowrite"))) {
+ xsltSetSecurityPrefs(sec, XSLT_SECPREF_WRITE_FILE,
+ xsltSecurityForbid);
+ xsltSetSecurityPrefs(sec, XSLT_SECPREF_CREATE_DIRECTORY,
+ xsltSecurityForbid);
+ xsltSetSecurityPrefs(sec, XSLT_SECPREF_WRITE_NETWORK,
+ xsltSecurityForbid);
+ } else if ((!strcmp(argv[i], "-nomkdir")) ||
+ (!strcmp(argv[i], "--nomkdir"))) {
+ xsltSetSecurityPrefs(sec, XSLT_SECPREF_CREATE_DIRECTORY,
+ xsltSecurityForbid);
 #ifdef LIBXML_CATALOG_ENABLED
 } else if ((!strcmp(argv[i], "-catalogs")) ||
 (!strcmp(argv[i], "--catalogs"))) {
@@ -679,6 +697,7 @@ done:
 #if 0
 xmlMemoryDump();
 #endif
+ xsltFreeSecurityPrefs(sec);
 return(errorno);
 } |
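Review bot: The `-nowrite` branch forbids three preferences, including `XSLT_SECPREF_CREATE_DIRECTORY`, but neither the code nor the usage line added in the hunk at -381 says that `--nowrite` implies `--nomkdir`. A one-line comment above the branch would record the intent, e.g. `/* --nowrite implies --nomkdir: forbid file writes, directory creation and network writes */`, and the help string could read `refuse to write to any file or resource, or to create directories`. It would also help to document whether the option covers the main result file or only documents written by the stylesheet, which cannot be told from this hunk. The if/else chain starts and ends outside the hunk.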