Opened 10 years ago

Closed 10 years ago

Last modified 10 years ago

#255 closed enhancement (fixed)

Improve protection against 'intruder on server' scenario

Reported by: rainer Owned by: rainer
Priority: major Milestone: 2.8.5
Component: main Version:
Keywords: Cc:

Description

As noticed by xrx, shell expansion in configuration files may allow an intruder with root privileges on the server to make clients execute shell commands in configuration files (which seem a pretty common problem with many centralized systems, e.g. cfengine/puppet configuration systems, or HIDS with active response).

It is currently not possible to disable this feature, and checking the signature on signed configuration files occurs too late to prevent the problem.

Change History (2)

comment:1 Changed 10 years ago by rainer

Resolution: fixed
Status: newclosed

Added option to disable shell expansion in configuration files. Also, gpg signature is checked earlier. Committed as changeset [347].

comment:2 Changed 10 years ago by rainer

Changeset [374] also disables the option to set the prelink path and (for the processcheck module) the option to set the ps path and argument when --disable-shellexpand is used.

Note: See TracTickets for help on using tickets.