View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000032 | bareos-core | file daemon | public | 2012-12-24 22:34 | 2015-03-25 19:19 |
| Reporter | mvwieringen | Assigned To | |||
| Priority | normal | Severity | feature | Reproducibility | N/A |
| Status | closed | Resolution | fixed | ||
| Platform | OpenIndiana | OS | OpenIndiana | OS Version | b151a |
| Product Version | 13.1.0 | ||||
| Fixed in Version | 13.1.0 | ||||
| Summary | 0000032: Implementation of an allowed job command keyword | ||||
| Description | Implement an allowed Job command keyword in the filed that sets which of the different Job commands we should accept. | ||||
| Additional Information | Currently the filed will execute any Job command unless people specify the -b or -r option (backup only/restore only) which makes it a serious security concern by much of the bigger customers security officers. This new keyword implemented per director and a global one which is used as a fallback when a specific one for a specific director is not configured. We won't filter all the commands issues by the director only the important ones. Things which we allow to be filtered are: - backup - restore - verify - estimate - runscript | ||||
| Tags | No tags attached. | ||||
 |
TODO is creating a regression test. May be combined with test for 0000031 |
|
|
Fix committed to bareos master branch with changesetid 842. |
|
|
Fix committed to bareos2015 bareos-13.2 branch with changesetid 4398. |
|
|
Due to the reimport of the Github repository to bugs.bareos.org, the status of some tickets have been changed. These tickets will be closed again. Sorry for the noise. |
|
bareos: master 9096704e 2013-05-04 20:34
Ported: N/A Details Diff |
Implementation of an allowed job command keyword Implement an allowed Job command keyword in the filed that sets which of the different Job commands we should accept. Currently the filed will execute any Job command unless people specify the -b or -r option (backup only/restore only) which makes it a serious security concern by much of the bigger customers security officers. This new keyword implements a per director and a global list which is used as a fallback when a specific one for a specific director is not configured. We won't filter all the commands issued by the director only the important ones. Things which we allow to be filtered are: - backup - restore - verify - estimate - runscript Fixes 0000032: Implementation of an allowed job command keyword |
Affected Issues 0000032 |
|
| mod - src/filed/job.c | Diff File | ||
| mod - src/filed/filed_conf.h | Diff File | ||
| mod - src/filed/filed_conf.c | Diff File | ||
|
bareos2015: bareos-13.2 581fdfc7 2013-05-04 22:34 Ported: N/A Details Diff |
Implementation of an allowed job command keyword Implement an allowed Job command keyword in the filed that sets which of the different Job commands we should accept. Currently the filed will execute any Job command unless people specify the -b or -r option (backup only/restore only) which makes it a serious security concern by much of the bigger customers security officers. This new keyword implements a per director and a global list which is used as a fallback when a specific one for a specific director is not configured. We won't filter all the commands issued by the director only the important ones. Things which we allow to be filtered are: - backup - restore - verify - estimate - runscript Fixes 0000032: Implementation of an allowed job command keyword |
Affected Issues 0000032 |
|
| mod - src/filed/filed_conf.c | Diff File | ||
| mod - src/filed/filed_conf.h | Diff File | ||
| mod - src/filed/job.c | Diff File | ||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2012-12-24 22:34 | mvwieringen | New Issue | |
| 2012-12-24 22:34 | mvwieringen | Status | new => assigned |
| 2012-12-24 22:34 | mvwieringen | Assigned To | => mvwieringen |
| 2012-12-24 22:35 | mvwieringen | Product Version | 12.4.0 => 13.1.0 |
| 2012-12-24 22:35 | mvwieringen | Target Version | => 13.1.0 |
| 2012-12-24 22:35 | mvwieringen | Fixed in Version | => 13.1.0 |
| 2013-01-08 17:14 | mvwieringen | Summary | Implementation of an allowed job commands keyword => Implementation of an allowed job command keyword |
| 2013-01-08 17:14 | mvwieringen | Description Updated | |
| 2013-02-13 18:56 | mvwieringen | Changeset attached | => bareos master f5e0dd40 |
| 2013-02-13 18:56 | mvwieringen | Status | assigned => closed |
| 2013-02-13 18:56 | mvwieringen | Resolution | open => fixed |
| 2013-02-13 19:07 | mvwieringen | Assigned To | mvwieringen => |
| 2013-03-04 10:30 | mvwieringen | Product Version | => 13.1.0 |
| 2013-03-04 10:30 | mvwieringen | Fixed in Version | => 13.1.0 |
| 2013-05-24 12:52 | pstorz | Assigned To | => pstorz |
| 2013-05-24 12:52 | pstorz | Status | closed => resolved |
| 2013-07-04 13:07 | pstorz | Note Added: 0000486 | |
| 2013-07-11 09:03 |
|
Status | resolved => closed |
| 2013-07-11 09:03 |
|
Assigned To | pstorz => |
| 2013-08-13 03:12 |
|
Changeset attached | => bareos master 9096704e |
| 2013-08-13 03:12 |
|
Note Added: 0000624 | |
| 2013-08-13 03:12 |
|
Assigned To | => mvwieringen adm |
| 2013-08-13 03:12 |
|
Status | closed => resolved |
| 2013-08-13 08:44 |
|
Assigned To | mvwieringen adm => |
| 2013-08-13 08:44 |
|
Status | resolved => closed |
| 2015-03-25 16:51 | mvwieringen | Changeset attached | => bareos2015 bareos-13.2 581fdfc7 |
| 2015-03-25 16:51 | mvwieringen | Note Added: 0001430 | |
| 2015-03-25 16:51 | mvwieringen | Status | closed => resolved |
| 2015-03-25 19:19 | joergs | Note Added: 0001582 | |
| 2015-03-25 19:19 | joergs | Status | resolved => closed |
