View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000031 | bareos-core | file daemon | public | 2012-12-24 19:17 | 2015-03-25 19:19 |
| Reporter | mvwieringen | Assigned To | |||
| Priority | normal | Severity | feature | Reproducibility | N/A |
| Status | closed | Resolution | fixed | ||
| Platform | OpenIndiana | OS | OpenIndiana | OS Version | b151a |
| Product Version | 13.1.0 | ||||
| Fixed in Version | 13.1.0 | ||||
| Summary | 0000031: Implementation of an allowed scriptdir keyword | ||||
| Description | Implement an allowed scriptdir keyword in the filed that sets the directories in which any runscript must be located so we can limit the attack surface of the filedaemon. | ||||
| Additional Information | Currently the filed will execute any script in any directory which makes it a serious security concern by much of the bigger customers security officers. This new keyword implemented per director and a global one which is used as a fallback when a specific one for a specific director is not configured. | ||||
| Tags | No tags attached. | ||||
 |
TODO is creating a regression test. May be combined with test for 0000032 |
|
|
Fix committed to bareos master branch with changesetid 843. |
|
|
Fix committed to bareos2015 bareos-13.2 branch with changesetid 4399. |
|
|
Due to the reimport of the Github repository to bugs.bareos.org, the status of some tickets have been changed. These tickets will be closed again. Sorry for the noise. |
|
bareos: master 334cfd5f 2013-05-04 20:34
Ported: N/A Details Diff |
Implementation of an allowed scriptdir keyword Implement an allowed scriptdir keyword in the filed that sets the directories in which any runscript must be located so we can limit the attack surface of the filedaemon. Currently the filed will execute any script in any directory which makes it a serious security concern by much of the bigger customers security officers. This new keyword implemented per director and a global one which is used as a fallback when a specific one for a specific director is not configured. Fixes 0000031: Implementation of an allowed scriptdir keyword |
Affected Issues 0000031 |
|
| mod - src/lib/runscript.h | Diff File | ||
| mod - src/lib/runscript.c | Diff File | ||
| mod - src/filed/job.c | Diff File | ||
| mod - src/filed/filed_conf.h | Diff File | ||
| mod - src/filed/filed_conf.c | Diff File | ||
|
bareos2015: bareos-13.2 a75ec62f 2013-05-04 22:34 Ported: N/A Details Diff |
Implementation of an allowed scriptdir keyword Implement an allowed scriptdir keyword in the filed that sets the directories in which any runscript must be located so we can limit the attack surface of the filedaemon. Currently the filed will execute any script in any directory which makes it a serious security concern by much of the bigger customers security officers. This new keyword implemented per director and a global one which is used as a fallback when a specific one for a specific director is not configured. Fixes 0000031: Implementation of an allowed scriptdir keyword |
Affected Issues 0000031 |
|
| mod - src/filed/filed_conf.c | Diff File | ||
| mod - src/filed/filed_conf.h | Diff File | ||
| mod - src/filed/job.c | Diff File | ||
| mod - src/lib/runscript.c | Diff File | ||
| mod - src/lib/runscript.h | Diff File | ||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2012-12-24 19:17 | mvwieringen | New Issue | |
| 2012-12-24 19:17 | mvwieringen | Status | new => assigned |
| 2012-12-24 19:17 | mvwieringen | Assigned To | => mvwieringen |
| 2012-12-24 22:34 | mvwieringen | Target Version | => 12.4.0 |
| 2012-12-24 22:34 | mvwieringen | Summary | Implementation of a allowed scriptdirs keyword => Implementation of an allowed scriptdirs keyword |
| 2012-12-24 22:34 | mvwieringen | Description Updated | |
| 2012-12-24 22:35 | mvwieringen | Target Version | 12.4.0 => 13.1.0 |
| 2012-12-24 22:35 | mvwieringen | Fixed in Version | 12.4.0 => 13.1.0 |
| 2013-01-08 17:12 | mvwieringen | Summary | Implementation of an allowed scriptdirs keyword => Implementation of an allowed scriptdir keyword |
| 2013-01-08 17:12 | mvwieringen | Description Updated | |
| 2013-02-13 18:56 | mvwieringen | Changeset attached | => bareos master 062821ce |
| 2013-02-13 18:56 | mvwieringen | Status | assigned => closed |
| 2013-02-13 18:56 | mvwieringen | Resolution | open => fixed |
| 2013-02-13 19:08 | mvwieringen | Assigned To | mvwieringen => |
| 2013-03-04 10:29 | mvwieringen | Product Version | => 13.1.0 |
| 2013-03-04 10:29 | mvwieringen | Fixed in Version | => 13.1.0 |
| 2013-05-24 12:52 | pstorz | Assigned To | => pstorz |
| 2013-05-24 12:52 | pstorz | Status | closed => resolved |
| 2013-07-04 13:07 | pstorz | Note Added: 0000485 | |
| 2013-07-11 08:59 |
|
Status | resolved => closed |
| 2013-07-11 08:59 |
|
Assigned To | pstorz => |
| 2013-08-13 03:12 |
|
Changeset attached | => bareos master 334cfd5f |
| 2013-08-13 03:12 |
|
Note Added: 0000625 | |
| 2013-08-13 03:12 |
|
Assigned To | => mvwieringen adm |
| 2013-08-13 03:12 |
|
Status | closed => resolved |
| 2013-08-13 08:45 |
|
Assigned To | mvwieringen adm => |
| 2013-08-13 08:45 |
|
Status | resolved => closed |
| 2015-03-25 16:51 | mvwieringen | Changeset attached | => bareos2015 bareos-13.2 a75ec62f |
| 2015-03-25 16:51 | mvwieringen | Note Added: 0001431 | |
| 2015-03-25 16:51 | mvwieringen | Status | closed => resolved |
| 2015-03-25 19:19 | joergs | Note Added: 0001583 | |
| 2015-03-25 19:19 | joergs | Status | resolved => closed |
