mahara-contributors team mailing list archive

[Bug 785467] [NEW] Tainted data should be handled more carefully

 

Public bug reported:

There are two types of data that Mahara manipulates directly: images and
compressed files.

Images are resized using PHP libraries (running as the Apache user) and
zip files / tarballs are uncompressed through PHP libraries (in the case
of Leap) or through shelling out to run unzip.

The problem with this is that this untrusted user data could potentially
contain exploits which would take over the web server process and
potentially write to / delete the dataroot or the database.

Ideally, we should have the current insecure file manipulation mode for
people on shared hosting or Windows as well as a more secure mode where
tainted data is handled in a separate process and by an unprivileged and
separate user account.

** Affects: mahara
     Importance: Medium
         Status: Triaged


** Tags: security

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/785467
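
The "more secure mode" proposed in the report, sketched as an added example (not Mahara code, and not written by the bug reporter): the extractor runs in a separate process under a separate unprivileged account with CPU and file-size limits, and whatever it produces is vetted before the web server process uses it. The account name `mahara-sandbox`, the function names and the limit values are assumptions; switching uid requires the caller to hold that privilege, which a web server on shared hosting does not.

```python
import os, pwd, resource, stat, subprocess

SANDBOX_USER = "mahara-sandbox"   # hypothetical unprivileged account (assumption)

def _cap(res, value):
    """Lower a resource limit in the child, never above the inherited hard limit."""
    hard = resource.getrlimit(res)[1]
    if hard != resource.RLIM_INFINITY:
        value = min(value, hard)
    resource.setrlimit(res, (value, value))

def run_untrusted(argv, workdir, user=None, cpu_seconds=10, max_file_bytes=64 << 20):
    """Run argv in a separate process, in workdir, with a scrubbed environment.

    With user set, the child also switches to that account's uid/gid and drops
    supplementary groups; the caller then needs the privilege to change uid.
    """
    ids = {}
    if user is not None:
        pw = pwd.getpwnam(user)
        ids = dict(user=pw.pw_uid, group=pw.pw_gid, extra_groups=[])
    def limits():
        _cap(resource.RLIMIT_CPU, cpu_seconds)
        _cap(resource.RLIMIT_FSIZE, max_file_bytes)
    return subprocess.run(argv, cwd=workdir, env={"PATH": "/usr/bin:/bin"},
                          stdin=subprocess.DEVNULL, capture_output=True,
                          timeout=3 * cpu_seconds, preexec_fn=limits, **ids)

def vet_staging(staging):
    """Return regular files found under staging; reject links, devices, FIFOs."""
    accepted = []
    for root, dirs, files in os.walk(staging):   # does not follow symlinks
        for name in dirs + files:
            path = os.path.join(root, name)
            mode = os.lstat(path).st_mode        # lstat: inspect the link itself
            if stat.S_ISREG(mode):
                accepted.append(os.path.relpath(path, staging))
            elif not stat.S_ISDIR(mode):
                raise ValueError("refusing non-regular entry: " + path)
    return sorted(accepted)

def extract_untrusted(archive, staging, user=SANDBOX_USER, argv=None):
    """Unpack archive into staging out of process, then vet what came back."""
    argv = argv or ["unzip", "-q", archive, "-d", staging]
    proc = run_untrusted(argv, staging, user=user)
    if proc.returncode != 0:
        raise RuntimeError("extractor failed: " + proc.stderr.decode(errors="replace"))
    return vet_staging(staging)
```

The staging directory must be writable by the sandbox account and kept outside the dataroot; only files returned by `vet_staging` should be copied onward.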

