Ticket #450 (new defect)

Opened 1 year ago

Last modified 9 months ago

install script security

Reported by: klattimer Assigned to:
Priority: major Milestone: 0.2 - the refactoring
Component: Core Severity: catastrophic
Keywords: Cc:

Description (Last modified by klattimer)

The work required is simply a client side check on application pack scripts, removing lines believed to be malicious in nature.

Trim any lines from all scripts which contain a url that isn't included/allowed all wget, nc, mail commands should trimmed.

Two things are needed for this

  • URL inclusions list, urls which scripts can access without prejudice
  • List of dangerous commands including, commands which send data, commands which retrieve data from the internet.

Most of this can be easily defeated, ticket #393 will improve some of the inherent problems with this.

This is dependent on #449

Attachments

Change History

03/26/07 16:44:30 changed by klattimer

  • description changed.

05/08/07 04:51:54 changed by klattimer

  • milestone changed from 0.2 to 0.5 - Wine-Doors Server.

05/08/07 04:54:28 changed by klattimer

  • milestone changed from 0.5 - Wine-Doors Server to 1.0 - Enterprise.

10/04/07 04:02:14 changed by klattimer

  • milestone changed from 1.0 - Enterprise to 0.5 - Wine-Doors Server.

This should really be build into the appdb from the start.

12/08/07 17:29:14 changed by klattimer

  • milestone changed from 0.5 - Wine-Doors Server to 0.2 - the refactoring.

Add/Change #450 (install script security)