Title :
How to Open a File and Not Get Hacked
Author :
Kupsch, James A. ; Miller, Barton P.
Author_Institution :
Dept. of Comput. Sci., Wisconsin Univ., Madison, WI
Abstract :
Careless attention to opening files, often caused by problems with path traversal or shared directories, can expose applications to attacks on the file names that they use. In this paper we present criteria to determine if a path is safe from attack and how previous algorithms are not sufficient to protect against such attacks. We then describe an algorithm to safely open a file when in the presence of an attack (and how to detect the presence of such an attack), and provide a new library of file open routines that embodies our algorithm. These routines can be used as one-for-one substitutes for conventional POSIX open and fopen calls.
Keywords :
file organisation; security of data; conventional POSIX open; file open routines; fopen calls; one-for-one substitutes; path traversal; Application software; Availability; Computer hacking; Computer security; File systems; Libraries; Network interfaces; Operating systems; Permission; Protection; file open; secure programming; trusted path;
Conference_Titel :
Availability, Reliability and Security, 2008. ARES 08. Third International Conference on
Conference_Location :
Barcelona
Print_ISBN :
978-0-7695-3102-1
DOI :
10.1109/ARES.2008.53
