CWE-72: Improper Handling of Apple HFS+ Alternate Data Stream Path
Improper Handling of Apple HFS+ Alternate Data Stream Path
Weakness ID: 72 (Weakness Variant)
Status: Incomplete
Description
Description Summary
The software does not properly handle special paths that may
identify the data or resource fork of a file on the HFS+ file
system.
Extended Description
If the software chooses actions to take based on the file name, then if an
attacker provides the data or resource fork, the software may take
unexpected actions. Further, if the software intends to restrict access to a
file, then an attacker might still be able to bypass intended access
restrictions by requesting the data or resource fork for that file.
Time of Introduction
Architecture and Design
Implementation
Applicable Platforms
Languages
All
Operating Systems
Mac OS
Demonstrative Examples
Example 1
A web server that interprets FILE.cgi as processing instructions
could disclose the source code for FILE.cgi by requesting
FILE.cgi/..namedfork/data. This might occur because the web server invokes
the default handler which may return the contents of the file.
The Apple HFS+ file system permits files to have multiple data input
streams, accessible through special paths. The Mac OS X operating system
provides a way to access the different data input streams through special
paths and as an extended attribute:
- Data fork: file/..namedfork/data (only versions prior to Mac OS X
v10.5)
Additionally, on filesystems that lack native support for multiple
streams, the resource fork and file metadata may be stored in a file with
"._" prepended to the name.
Forks can also be accessed through non-portable APIs.
Forks inherit the file system access controls of the file they belong
to.
Programs need to control access to these paths, if the processing of a
file system object is dependent on the structure of its path.
Description
