Ticket #2941 (closed defect: fixed)
Mapfile parser could leak sensitive data
|Reported by:||sdlime||Owned by:||sdlime|
|Component:||Documentation - MapServer||Version:||unspecified|
|Cc:||jmckenna, dmorissette, mko|
The MapServer mapfile parser could leak sensitive data by opening a arbitrary file and erroring out. Problem is that the error will output the offending token as part of an error message. It's possible then for someone to create a symlink to a sensitive file with the link named something.map and the CGI (if running as a privileged user) could return a portion (the first token) of that file.
An initial solution is to force the mapfile parser to look for the MAP token to start a file and if not present to issue a "this doesn't look like a mapfile" error.
Note this is not a complete fix. It's possible that in the future sensitive data files starting with the token MAP could be defined. We'll look for ways to tighten this up in an upcoming release (6.0).