I'm studying Android security vulnerabilities, and since Java is being used, the attacks in the language also need to be addressed.

I'm studying from this link.

I have a fair idea about canonical paths, absolute paths, and relative paths in Linux. But this statement:

However, the user can still specify a file outside the intended directory by entering an argument that contains ../ sequences

I know .. refers to the parent of the present directory in which the file is present, but cannot understand how an attacker might end up using .. to craft malicious file paths that aren't part of the /img/ directory (mentioned in the article), and still be able to succeed. I'm searching for any examples that might take advantage of this vulnerability and get past the security check. Any help would be much appreciated.

vefthym
gaurav jain

1 Answer

Say you have some configuration that allows programs in /path/to/safe/directory/ to be executed. Users can specify the programs they want such as nice1 which is found in your safe directory. But what if the user specifies a program such as ../../totally/evil/nasty? If the program name is not checked for .. characters, you can end up executing the program /path/to/totally/evil/nasty.

The message is that you must sanitise user input to make sure it does not subvert your security policy.

Neil Masson
  • I've got a little trouble. Can you follow the example in the link? My concern is that if I'm doing File f = new File ("/abc/xyz/img/", path), and in path I'm traversing up using ../../, then can I access files outside the /img/ folder? Is there any way possible where I could end up accessing files outside the directory mentioned in the file constructor using the path traversal attack, because the file constructor doesn't resolve the ../../ mentioned in the 2nd parameter? – gaurav jain Dec 21 '15 at 13:47
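
An added example (not code from the linked article or from the posts above) that runs the case raised in the comment: `new File(parent, child)` only joins the two strings, the operating system resolves the `..` elements when the file is opened, and comparing canonical paths is what catches it. The temp-directory layout, the file names and the helper `resolveInside` are assumptions made for this demo.

```java
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;

public class TraversalDemo {
    // Hypothetical helper: returns the file only if it resolves inside baseDir.
    static File resolveInside(File baseDir, String userPath) throws IOException {
        File base = baseDir.getCanonicalFile();
        File target = new File(base, userPath).getCanonicalFile();
        // Path.startsWith compares whole path elements, so /img-other does not match /img
        if (!target.toPath().startsWith(base.toPath())) {
            throw new SecurityException("path escapes " + base + ": " + userPath);
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout in a temp dir: <root>/xyz/img/logo.txt and <root>/secret.txt
        Path root = Files.createTempDirectory("traversal-demo");
        Path img = Files.createDirectories(root.resolve("xyz").resolve("img"));
        Files.write(img.resolve("logo.txt"), "image data".getBytes(StandardCharsets.UTF_8));
        Files.write(root.resolve("secret.txt"), "not an image".getBytes(StandardCharsets.UTF_8));

        String userPath = "../../secret.txt"; // constructed user input

        // Unchecked: File only concatenates; the ".." elements stay in the path string
        File f = new File(img.toFile(), userPath);
        System.out.println("getPath():          " + f.getPath());
        System.out.println("getCanonicalPath(): " + f.getCanonicalPath());
        // The OS resolves ".." on open, so this read leaves img/ and succeeds
        System.out.println("read: "
                + new String(Files.readAllBytes(f.toPath()), StandardCharsets.UTF_8));

        // Checked: canonicalize first, then compare against the canonical base
        System.out.println("allowed: " + resolveInside(img.toFile(), "logo.txt"));
        try {
            resolveInside(img.toFile(), userPath);
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

`getCanonicalFile()` also resolves symbolic links, so a link placed inside the base directory that points elsewhere is rejected by the same comparison.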