commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jochen Wiedmann (JIRA)" <>
Subject [jira] [Commented] (FILEUPLOAD-298) Don't use temp directory by default for storing uploaded files
Date Tue, 09 Apr 2019 12:59:00 GMT


Jochen Wiedmann commented on FILEUPLOAD-298:

[~asmotrakov]: Agreed. On the other hand, that's what we have setRepository() for. I won't
enter the discussion, what's a sensible value for that, or not. In particular not, while we
are discussing sensible default values. Because, that's quite a different story.


> Don't use temp directory by default for storing uploaded files
> --------------------------------------------------------------
>                 Key: FILEUPLOAD-298
>                 URL:
>             Project: Commons FileUpload
>          Issue Type: Improvement
>            Reporter: Artem Smotrakov
>            Priority: Major
>         Attachments: use_app_work_directory_v1.patch
> By default, DiskFileItem stores uploaded files in the directory defined by
system property which creates a weakness described in CVE-2013-0248.
> []
> The patch for CVE-2013-0248 just updates the docs with a note that the setRepository()
method must be used in case of untrusted environment.
> []
> I am wondering if it would be better to use user.dir or user.home system properties instead
>  * Normally only the user which started the application can write to user.home
>  * It seems to be more likely that user.dir is not publicly writable
> I am attaching a draft patch which updates DiskFileItem to use a subdirectory under user.dir
although user.home looks to be a better option from security perspective.
> If no objections, I will finalize the patch and create a pull request.

This message was sent by Atlassian JIRA

View raw message