diff options
author | Chris Liddell <chris.liddell@artifex.com> | 2020-04-09 09:07:38 +0100 |
---|---|---|
committer | Chris Liddell <chris.liddell@artifex.com> | 2020-04-09 09:07:38 +0100 |
commit | c96962212ed44463b3bd5cf34f3f790e9d14cd0b (patch) | |
tree | acbc528b1dea1452b4fb0e94d2fc4d7209e0d6fa | |
parent | ebabebad34a3811230b7bfe351eface7f5efc8a9 (diff) | |
download | ghostpdl-c96962212ed44463b3bd5cf34f3f790e9d14cd0b.tar.gz |
Clarify path matching for SAFER controls
Make it explicit that the 'form' of the paths (e.g. absolute vs relative) must
match between --permit-file-* paramters and the actual path used to reference
the file
-rw-r--r-- | doc/Use.htm | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/doc/Use.htm b/doc/Use.htm index c6da92029..3672e3abd 100644 --- a/doc/Use.htm +++ b/doc/Use.htm @@ -3517,9 +3517,16 @@ operation of <code>setpagedevice</code>, and because this capability is <i>extre rarely used, we feel the improvement in security warrants the small reduction in flexibility. <p> -Path matching is simple: it is case sensitive, and we do not implement full featured +Path matching is very simple: it is case sensitive, and we do not implement full featured "globbing" or regular expression matching (such complexity would significantly -and negatively impact performance). The following cases are handled: +and negatively impact performance). Further, the string parameter(s) passed to the +<code>--permit-file-*</code> option must exactly match the string(s) used to reference +the file(s): for example, you cannot use a absolute path to grant permission, and +then a relative path to reference the file (or vice versa) - the path match will fail. +Similarly, you cannot grant permission through one symlink, and then reference a file +directly, or through an alternative symlink - again, the matching will fail. +<p> +The following cases are handled: <ul> <li> <dt><code>"/path/to/file"</code></dt> |