How to Open a File and Not Get Hacked

14 years 6 months ago

Download www.cs.wisc.edu

Careless attention to opening ﬁles, often caused by problems with path traversal or shared directories, can expose applications to attacks on the ﬁle names that they use. In this paper we present criteria to determine if a path is safe from attack and how previous algorithms are not sufﬁcient to protect against such attacks. We then describe an algorithm to safely open a ﬁle when in the presence of an attack (and how to detect the presence of such an attack), and provide a new library of ﬁle open routines that embodies our algorithm. These routines can be used as one-for-one substitutes for conventional POSIX open and fopen calls.

James A. Kupsch, Barton P. Miller

Real-time Traffic

Careless Attention | IEEEARES 2008 | Path Traversal | Security Privacy | ﬁle Open Routines |

claim paper

Post Info
More Details (n/a)

Added	31 May 2010
Updated	31 May 2010
Type	Conference
Year	2008
Where	IEEEARES
Authors	James A. Kupsch, Barton P. Miller

Comments (0)

Sciweavers

How to Open a File and Not Get Hacked

Careless Attention | IEEEARES 2008 | Path Traversal | Security Privacy | ﬁle Open Routines |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers