Wiki source for secCanCreatePathOfSize


Show raw source

These are file based security callbacks. If they do not exist in the SecurityPlugin or if the SecurityPlugin does not exist they they are not used.

These security plugin calls then call the platform api calls

secCanCreatePathOfSize ioCanCreatePathOfSize if allowFileAccess return 1, otherwise call isAccessiblePathName
secCanDeletePathOfSize ioCanDeletePathOfSize if allowFileAccess return 1, otherwise call isAccessiblePathName
secCanGetFileTypeOfSize ioCanGetFileTypeOfSize return 1
secCanListPathOfSize ioCanListPathOfSize if allowFileAccess return 1, otherwise call isAccessiblePathName
secCanSetFileTypeOfSize ioCanSetFileTypeOfSize return 1
secDisableFileAccess ioDisableFileAccess allowFileAccess = 0
secCanDeleteFileOfSize ioCanDeleteFileOfSize if allowFileAccess return 1, otherwise call isAccessibleFileName
secCanOpenFileOfSizeWritable ioCanOpenFileOfSizeWritable if allowFileAccess return 1, otherwise call isAccessibleFileName
secCanRenameFileOfSize ioCanRenameFileOfSize if allowFileAccess return 1, otherwise call isAccessibleFileName
secHasFileAccess ioHasFileAccess return allowFileAccess


isAccessibleFileName
check to see if the filename is in the untrustedUserDirectory path

isAccessiblePathName
check to see if the path is in the untrustedUserDirectory path


**MacIntosh**
//os-9/OSXCarbon//
mirror of windows code

//Cocoa://
TBD

**iPhone**
mirror of windows code

**Unix**
rewritten code, handles null terminated character and compares between trusted, untrusted paths and incoming data correctly.

**Windows**
Original code
Check for c:\My Squeak\allowed\..\..\"

**BUGS**
macintosh does not check for ../../../ etc...
Also macintosh and windows not check lengths properly, see unix version for proper implementation
Also question about encoding, what is encoding for incoming data, versus trusted and untrusted directories

It is quite possible to defeat any sand boxing by coding path level indirection or using tricks like setting up an alias or symbolic link file/directory within the trusted/untrusted directory path.




Valid XHTML :: Valid CSS: :: Powered by WikkaWiki