Commit e0262ae

Draft of Par3 specification
1 parent 94155cb commit e0262ae

1 file changed: +15 -0 lines changed

doc/Parity_Volume_Set_Specification_v3.0.txt

Lines changed: 15 additions & 0 deletions
@@ -686,6 +686,14 @@ FAT Root Packet
686686
/\ /\ /\ TODO /\ /\ /\
687687

688688

689+
\/ \/ \/ TODO \/ \/ \/
690+
691+
Can you mix-and-match metadata? If someone calls Par with files from my EXT4 mounted filesystem inside a Windows VM, what should happen?
692+
693+
/\ /\ /\ TODO /\ /\ /\
694+
695+
696+
689697
Security:
690698

691699
Security is a major issue for PAR clients. Users will probably execute the client on untrusted files, downloaded from strangers. We do not want PAR to be a means for hackers to attack a system.
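
Review bot: The TODO added at new lines 689-693 records the mixed-metadata question with no candidate answer, and it sits directly above the Security section without a pointer into it. Because the Security text says users will run the client on untrusted files, the spec needs a default for metadata written for a filesystem other than the one being restored to (the EXT4-files-in-a-Windows-VM case): ignore it, warn, or ask the user. Suggest listing those options inside the TODO so it can be closed against the Security section, and dropping one of the three blank lines at 694-696, since the other TODO block in this commit is followed by two.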
@@ -704,6 +712,13 @@ One part of preventing these attacks is confirming that filenames are valid file
704712

705713
Slightly off the topic of security, this is probably a good place to recommended that users be warned when they create PAR files with names that are incompatible with Windows, Mac, or Linux systems. That is, file or directory names that are more than 255 characters long, start with a period (.) or a dash (-), or contain one of these characters: < > : " ' ` ? * & | [ ] \ ; or newline (\n).
706714

715+
\/ \/ \/ TODO \/ \/ \/
716+
717+
Should we Include #, !, and (windows) %
718+
719+
/\ /\ /\ TODO /\ /\ /\
720+
721+
707722
Another part of preventing file system attacks is to validate paths. For paths, major attacks will come by referencing a file using an absolute path ("/etc/passwd" or "C:\Windows\System32\Config") or escaping a subdirectory ("../../etc/passwd" or "..\..\Windows\System32\Config"). (NOTE: On Windows, an absolute path can start "C:\" or "\" or "\\" for example. For UNIX, that means one starting with "/" or "//" or "~". For Mac, one can also start with ":". There may be other formats!) It is REQUIRED that the client get user approval before using an absolute path or using a feature like ".." in a path. For a GUI, this approval can come via a dialog box saying something like "This PAR file is writing to an absolute path. This is dangerous, because it can overwrite system files like your password file. Do you want to allow this?" For a command line tool, the approval can come via a command line option. The default should always be to not allow this behavior.
708723

709724
Clients are also REQUIRED to ask for permission when linking to files outside a subdirectory. That is, if the link target contains an absolute path or uses a feature like "..".
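
Review bot: The question at new line 717 does not say which rule would put #, ! and % on the list, so it cannot be answered from the text as written. The paragraph above it mixes two kinds of characters: ones that some filesystems reject (< > : " ? * | \) and ones that are only special to a shell (' ` & ; [ ]). The three candidates belong to the second kind: # starts a comment and ! triggers history expansion in common UNIX shells, and % delimits variable names in the Windows command interpreter. Suggest stating the criterion in that paragraph first and then resolving the TODO against it. As a style point, "Include" should be lower-case and the sentence needs a question mark.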
