bareos2015: bareos-13.2 a75ec62f

Author Committer Branch Timestamp Parent
mvwieringen mvwieringen bareos-13.2 2013-05-04 22:34 bareos-13.2 61f514ae Pending
Affected Issues  0000031: Implementation of an allowed scriptdir keyword
Changeset Implementation of an allowed scriptdir keyword

Implement an allowed scriptdir keyword in the filed that sets the
directories in which any runscript must be located so we can limit
the attack surface of the filedaemon.

Currently the filed will execute any script in any directory which
makes it a serious security concern by much of the bigger customers
security officers.

This new keyword implemented per director and a global one which is
used as a fallback when a specific one for a specific director is not
configured.

Fixes 0000031: Implementation of an allowed scriptdir keyword
mod - src/filed/filed_conf.c Diff File
mod - src/filed/filed_conf.h Diff File
mod - src/filed/job.c Diff File
mod - src/lib/runscript.c Diff File
mod - src/lib/runscript.h Diff File