id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc
255	Improve protection against 'intruder on server' scenario	rainer	rainer	"As noticed by xrx, shell expansion in configuration files may allow an intruder with root privileges on the server to make clients execute shell commands in configuration files (which seem a pretty common problem with many centralized systems, e.g. cfengine/puppet configuration systems, or HIDS with active response).

It is currently not possible to disable this feature, and checking the signature on signed configuration files occurs too late to prevent the problem."	enhancement	closed	major	2.8.5	main		fixed