docbook-apps message


Subject: Re: DOCBOOK-APPS: Manually Chunking with PIs


On Tue, Sep 03, 2002 at 06:02:35AM -0400, Daniel Veillard wrote:
> On Tue, Sep 03, 2002 at 11:56:16AM +0200, Janning Vygen wrote:
> > On Monday, 2 September 2002 16:42, Jirka Kosek wrote:
> > > Janning Vygen wrote:
> > > > 3. Directories can't be created by the XSLT Processor. Has
> > > > anybody written a stylesheet converting toc file to a shell
> > > > script which creates all needed directories?
> > >
> > > This depends on OS and processor used. E.g. Saxon on Windows is
> > > able to create directory if it doesn't exist yet.
> > 
> > Yes, you are right. I forgot to say that I am using Linux and 
> > xsltproc. Saxon uses Java API to extend the possibilities and it 
> > works on Linux as well as on Windows. 
[...]
> > Wouldn't it be better to have an XSL Stylesheet which generates a 
> > file with the needed directories?
> 
>   Honestly, no! That could turn into a nasty security problem.
> When an XSLT engine is embedded in say a web server, it's already a
> bit hazardous to allow creating files (extending libxslt to have
> some policy control over potential security hazards is an interesting
> TODO item), I wouldn't allow to create directories ATM, there are too
> many security implications (think about a stylesheet with a hidden
> template creating .ssh/authorized_keys for example).
>   Too dangerous without a proper framework, 

  I started implementing the framework. The patch I committed at 

http://cvs.gnome.org/bonsai/cvsquery.cgi?module=libxslt&branch=HEAD&branchtype=match&dir=libxslt&file=&filetype=match&who=veillard&whotype=match&sortby=Date&hours=&date=explicit&mindate=10%2F10%2F02+11%3A25&maxdate=10%2F10%2F02+11%3A27&cvsroot=%2Fcvs%2Fgnome

  provides the necessary hooks for access checking and defining a policy
of access. As a result xsltproc should create new directories when needed.
There are also a couple of new options:
     --nowrite : refuse to write to any file or resource
     --nomkdir : refuse to create directories

  To be able to protect the environment when the stylesheets are not considered
trusted enough.

  This will be in the next libxslt release.

Daniel

-- 
Daniel Veillard      | Red Hat Network https://rhn.redhat.com/
veillard@redhat.com  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/
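
The effect of the two options on a stylesheet with a write side effect, as an added example that is not part of the original message or of libxslt's own code. The stylesheet, the file names and the `try_write` helper are constructed for illustration, and it assumes an xsltproc built from a libxslt release that has these options.

```shell
#!/bin/sh
# Added example: compare xsltproc's write-policy options on a stylesheet
# that writes a second file as a side effect. All file names are constructed.

# try_write <fresh|existing> [xsltproc options...]
# Prints "written" if the side-effect file was created, else "blocked".
try_write() {
    dir_state=$1; shift
    work=$(mktemp -d) || return 1
    # Constructed stylesheet: emits "ok" and also writes newdir/side-effect.txt
    # through the EXSLT exsl:document extension element.
    cat > "$work/untrusted.xsl" <<'EOF'
<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:exsl="http://exslt.org/common"
    extension-element-prefixes="exsl">
  <xsl:template match="/">
    <exsl:document href="newdir/side-effect.txt" method="text">written by stylesheet</exsl:document>
    <xsl:text>ok</xsl:text>
  </xsl:template>
</xsl:stylesheet>
EOF
    echo '<doc/>' > "$work/in.xml"
    # "existing" pre-creates the target directory, so only the file write is at stake.
    if [ "$dir_state" = existing ]; then mkdir "$work/newdir"; fi
    # Run inside the scratch directory so the relative href resolves there.
    # A refused write makes xsltproc exit non-zero; judge by the file instead.
    ( cd "$work" && xsltproc "$@" untrusted.xsl in.xml >/dev/null 2>&1 ) || true
    if [ -f "$work/newdir/side-effect.txt" ]; then echo written; else echo blocked; fi
    rm -rf "$work"
}

# Demo run (skipped when xsltproc is not installed).
if command -v xsltproc >/dev/null 2>&1; then
    echo "default,   fresh dir:    $(try_write fresh)"
    echo "--nomkdir, fresh dir:    $(try_write fresh --nomkdir)"
    echo "--nomkdir, existing dir: $(try_write existing --nomkdir)"
    echo "--nowrite, existing dir: $(try_write existing --nowrite)"
fi
```

`--nomkdir` only stops the write when the target directory is missing; `--nowrite` is the option that refuses the file itself.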

