path: root/SECURITY
author: Steve Kemp <steve@steve.org.uk> 2012-11-19 08:42:24 +0000
committer: Steve Kemp <steve@steve.org.uk> 2012-11-19 08:42:24 +0000
commit: 50fe9d5cf7108c59ceb20a321555631e419c7f5c (patch)
tree: f974b24e9003fa90d3c511fd1f417c1af666370b /SECURITY
parent: 6994d7b7f24a91ccab92a4eec08a664f2543b459 (diff)
Updated
Diffstat (limited to 'SECURITY')
-rw-r--r-- SECURITY 12
1 files changed, 8 insertions, 4 deletions
diff --git a/SECURITY b/SECURITY
index b0e0b90..dc1c90a 100644
--- a/SECURITY
+++ b/SECURITY
@@ -4,9 +4,10 @@
custodian-enqueue
-----------------
- We open named files from the user to parse tests.
+ We open named files from the user to parse tests. The configuration file(s)
+ are currently opened by root, via /etc/service/custodian-enqueue. This should
+ be changed to run as a lower-privileged user.
- We don't run shell commands.
custodian-dequeue
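Review bot: the added sentence records a known privilege problem (the configuration files are opened by root via /etc/service/custodian-enqueue) but leaves the remedy as "This should be changed" with no owner, target account or tracking reference, so a reader of the SECURITY file cannot tell whether anything is planned; suggest naming the unprivileged user the service is intended to run as, or pointing at an issue that tracks it, and stating plainly in the meantime that a root process parses user-named files.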
@@ -17,11 +18,11 @@ Two tests pass arguments from the configuration file to the shell:
ping
http/https
-The hostname used to ping, and the url, are both passed directly to the shell with no encoding or sanitizing. The only issue is that the hostnames must match the following regular expression:
+The hostname used to ping, and the URL for web-tests, are both passed directly to the shell with no encoding or sanitizing. The only issue is that the hostnames must match the following regular expression:
^([^\s]+)\s+
-The following configuration file allows the specified command to be executed, as root, via the shell:
+The following configuration file allows the specified command to be executed, as the user running the dequeue tool, via the shell:
$(/home/steve/hg/custodian/exploit.sh) must ping otherwise "Owned".
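Review bot: changing "as root" to "as the user running the dequeue tool" only helps the reader if the file also says which user that is by default; as written, nobody can tell whether a stock installation still runs dequeue as root. The retained phrase "The only issue is that the hostnames must match the following regular expression" also reads as if `^([^\s]+)\s+` were a mitigation, but it merely requires a non-whitespace token, which the example line `$(/home/steve/hg/custodian/exploit.sh) must ping otherwise "Owned".` satisfies; suggest "The only constraint is ..." and an explicit note that the lack of escaping is still an open issue.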
@@ -31,6 +32,9 @@ Given that anybody who can talk to the beanstalkd server can submit JSON-encoded
` .. ` - Backticks.
; .. - Sub-commands.
+That has not yet been done, but it is definitely on the map.
+
+
General
-------
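Review bot: the new sentence "That has not yet been done, but it is definitely on the map." has no antecedent inside this hunk, so the file does not say which work is outstanding (presumably handling the backtick and `;` sub-command forms listed just above it); suggest spelling it out, e.g. "Rejecting or escaping these characters has not yet been done ...", and citing an issue number if one exists. Minor: the hunk adds two blank lines before the "General" heading where one would do.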