[mapserver-commits] r8824 - trunk/docs/development/rfc

svn at osgeo.org svn at osgeo.org
Wed Mar 25 21:11:29 EDT 2009 

Author: dmorissette
Date: 2009-03-25 21:11:28 -0400 (Wed, 25 Mar 2009)
New Revision: 8824

Added:
   trunk/docs/development/rfc/ms-rfc-56.txt
Log:
Initial revision

Added: trunk/docs/development/rfc/ms-rfc-56.txt
===================================================================
--- trunk/docs/development/rfc/ms-rfc-56.txt	                        (rev 0)
+++ trunk/docs/development/rfc/ms-rfc-56.txt	2009-03-26 01:11:28 UTC (rev 8824)
@@ -0,0 +1,205 @@
+.. _rfc56:
+
+======================================================================
+MS RFC 56: Tighten control of access to mapfiles and templates
+======================================================================
+
+:Date: 2009/03/24
+:Authors: Daniel Morissette
+:Contact: dmorissette at mapgears.com
+:Authors: Steve Lime
+:Contact: steve.lime at dnr.state.mn.us
+:Last Edited: 2009/03/24
+:Status: Draft
+:Version: MapServer 5.4.0, 5.2.2, and 4.10.4.
+:Id: $Id: $
+
+Overview
+------------------------------------------------------------------------------
+
+MapServer versions 5.2.1 and older could potentially be used to access 
+arbitrary files via the creation of mapfiles or templates in untrusted 
+directories.
+
+This RFC proposes a mechanism to tighten access control on mapfiles and 
+templates and limit the risk of leaking arbitrary file contents.
+
+The new access control mechanisms will be implemented and released in 
+MapServer 5.4.0, 5.2.2 and 4.10.4.
+
+
+Technical Solution
+------------------------------------------------------------------------------
+
+The following mechanisms will be put in place:
+
+* Enforce the requirement for the MAP keyword at the beginning of mapfiles and for the SYMBOLSET keyword at the beginning of SYMBOLSETs.
+
+* Require a Magic String at the beginning of all MapServer templates
+
+* Use of environment variables to control and restrict access to mapfiles by the mapserv CGI:
+
+  * MS_MAP_PATTERN
+  * MS_MAP_NO_PATH
+
+Each of the points above are described in more details in the following 
+sections.
+
+
+Enforce the requirement for the MAP and SYMBOLSET keywords
+------------------------------------------------------------------------------
+
+The MAP and SYMBOLSET keywords used to be optional at the beginning of
+mapfiles and symbolsets respectively.
+
+With this change, the MAP keyword will be required on the first line of
+mapfiles and the SYMBOLSET keyword required on the first line of symbolset
+files.
+
+If the keyword is missing then the parser will reject the file.
+
+
+Require a Magic String at the beginning of all MapServer templates
+------------------------------------------------------------------------------
+
+With this change, the first line of a template must contain the "MapServer 
+Template" magic string which can be surrounded by comment delimiters in the 
+format of the template to facilitate template editing (see examples below). 
+The first line of the template file will automatically be stripped from 
+the template and will not be included in the MapServer output.
+
+If the magic string is not found then the template will be rejected by 
+MapServer. 
+
+HTML template example:
+
+::
+
+  <!-- MapServer Template -->
+  <html>
+   <head>...</head>
+   <body>
+   ...
+   </body>
+  </html>
+
+
+XML template example:
+
+::
+
+  <!-- MapServer Template -->
+  <?xml version="1.0" encoding="UTF-8" ?>
+  <rootElement>
+    ...
+  </rootElement>
+
+
+GeoJSON template example:
+
+::
+
+ // MapServer Template
+   [resultset layer=foo] {
+ "type": "FeatureCollection",
+ "features": [
+  [feature trim=',']
+  {
+   "type": "Feature",
+   "id": "[id]",
+   "geometry": {
+    "type": "PointLineString",
+    "coordinates": [
+     {
+      "type": "Point",
+      "coordinates": [[x], [y]]
+     }
+    ]
+   },
+   "properties": {
+    "description": "[description]",
+    "venue": "[venue]",
+    "year": "[year]"
+   }
+  },
+  [/feature]
+  ]
+ }
+ [/resultset]
+
+
+MS_MAP_PATTERN Environment Variable
+------------------------------------------------------------------------------
+
+The optional MS_MAP_PATTERN environment variable, set via mod_env or other
+web server equivalents, can be used to specify a Regular Expression that 
+must be matched by all mapfile paths passed to the mapserv CGI. 
+
+If MS_MAP_PATTERN is not set then any .map file can be loaded.
+
+Example, use Apache's SetEnv directive to restrict mapfiles to 
+the /opt/mapserver/ directory and subdirectories:
+
+::
+
+  SetEnv MS_MAP_PATTERN "^/opt/mapserver/"
+
+
+MS_MAP_NO_PATH Environment Variable
+------------------------------------------------------------------------------
+
+The optional MS_MAP_NO_PATH environment variable can be set to any value
+via mod_env or other web server equivalents to forbid the use of explicit
+paths in the map=... URL parameter. Setting MS_MAP_NO_PATH to **any value**
+forces the use of the map=<env_variable_name> mechanism in mapserv CGI URLs.
+
+If this variable is not set then nothing changes and the mapserv CGI still
+accepts explicit file paths via the map=... URL parameter.
+
+Example, set set MS_MAP_NOPATH and some mapfile paths in Apache's httpd.conf:
+
+::
+
+  SetEnv MS_MAP_NO_PATH "foo"
+  SetEnv MY_MAPFILE "/opt/mapserver/map1/mymapfile.map"
+
+... and then calls the mapserv CGI must use environment variables for the
+map=... parameter:
+
+::
+
+  http://localhost/cgi-bin/mapserv?map=MY_MAPFILE&mode=...
+
+
+Backwards Compatibility Issues
+------------------------------------------------------------------------------
+
+The MAP and SYMBOLSET keywords must be added to any mapfile and 
+symbolset that did not contain them already.
+
+All MapServer templates must be updated to contain the "MapServer
+Template" magic string on the first line.
+
+The new environment variables are optional and will have no impact on 
+existing applications that don't use them.
+
+
+Files Impacted
+------------------------------------------------------------------------------
+
+* mapserver.h
+
+* maptemplate.c
+
+* mapserv.c
+
+
+Ticket Id
+------------------------------------------------------------------------------
+
+None yet.
+
+Voting History
+------------------------------------------------------------------------------
+
+No vote yet.

More information about the mapserver-commits mailing list