#255 closed enhancement (fixed)
Improve protection against 'intruder on server' scenario
Reported by: | rainer | Owned by: | rainer |
---|---|---|---|
Priority: | major | Milestone: | 2.8.5 |
Component: | main | Version: | |
Keywords: | | Cc: | |
Description
As noticed by xrx, shell expansion in configuration files may allow an intruder with root privileges on the server to make clients execute shell commands in configuration files (which seems to be a pretty common problem with many centralized systems, e.g. cfengine/puppet configuration systems, or HIDS with active response).
It is currently not possible to disable this feature, and checking the signature on signed configuration files occurs too late to prevent the problem.
Change History (2)
comment:1 by , 13 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
comment:2 by , 13 years ago
Changeset [374] also disables the option to set the prelink path and (for the processcheck module) the option to set the ps path and argument when --disable-shellexpand is used.
Added option to disable shell expansion in configuration files. Also, gpg signature is checked earlier. Committed as changeset [347].
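
Added example, not part of the ticket or Samhain's own code: a sketch of the ordering the ticket asks for, where the raw configuration bytes are authenticated before any line is interpreted and shell expansion stays off unless explicitly enabled. HMAC-SHA256 stands in for the GPG signature, and the `$(command)` line syntax and the names `load_config`, `sign` and `ConfigError` are assumptions made for illustration.

```python
import hashlib
import hmac
import subprocess

# Assumed syntax (illustration only): a whole line "$(command)" is replaced
# by the command's stdout. The real Samhain syntax may differ.
PREFIX, SUFFIX = "$(", ")"


class ConfigError(Exception):
    """Raised when a configuration file must not be used."""


def sign(raw: bytes, key: bytes) -> str:
    # Stand-in for a detached GPG signature over the raw file bytes.
    return hmac.new(key, raw, hashlib.sha256).hexdigest()


def _shell(cmd: str) -> str:
    done = subprocess.run(["/bin/sh", "-c", cmd], capture_output=True,
                          text=True, check=True)
    return done.stdout


def load_config(raw, signature, key, allow_expand=False, run=_shell):
    # Step 1: verify the bytes as received, before decoding or parsing.
    if not hmac.compare_digest(sign(raw, key), signature):
        raise ConfigError("signature mismatch: file not parsed")
    # Step 2: only now interpret lines; expansion is opt-in.
    lines = []
    for line in raw.decode("utf-8").splitlines():
        s = line.strip()
        if s.startswith(PREFIX) and s.endswith(SUFFIX):
            if not allow_expand:
                raise ConfigError(f"shell expansion disabled: {s!r}")
            lines.extend(run(s[len(PREFIX):-len(SUFFIX)]).splitlines())
        else:
            lines.append(line)
    return lines


if __name__ == "__main__":
    key = b"constructed-demo-key"                     # constructed sample key
    sample = b"[ReadOnly]\n$(echo dir = /etc)\n"      # constructed sample file
    print(load_config(sample, sign(sample, key), key, allow_expand=True))
    try:
        load_config(sample + b"$(id)\n", sign(sample, key), key, True)
    except ConfigError as exc:
        print("rejected:", exc)
```
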