ID: 0001288
Category: [SysCP] General
Severity: major
Reproducibility: always
Date Submitted: 2010-03-08 13:30
Last Update: 2010-05-11 20:52
Reporter: massimo
View Status: public
Assigned To:
Priority: normal
Resolution: fixed
Status: resolved
Product Version: 1.4.2.1
Summary: 0001288: safe_exec filter doesn't work
Description: The safe_exec function doesn't block commands which are not in the whitelist.

E.g. 'ln' is not in the $allowed_commands array, but the following works:

safe_exec("ln -s aaa bbb");



Additional Information:
Tags: No tags attached.
Attached Files: patch (596 bytes) 2010-03-08 13:30

Relationships

There are no notes attached to this issue.
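
An added example, not SysCP's safe_exec and not the attached patch (neither is shown on this page): a strict allowlist check in PHP that rejects the `ln` call from the report. The function name `command_is_allowed` and the allowlist contents are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not SysCP code. The allowlist contents are assumed.

/**
 * Return true only if the first word of $exec_string is exactly one
 * of $allowed_commands and the string carries no shell metacharacters.
 */
function command_is_allowed(string $exec_string, array $allowed_commands): bool
{
    // The string is handed to a shell, so chaining or substitution
    // characters would let a second, unchecked command run.
    if (preg_match('/[;|&<>`$\\\\\n\r]/', $exec_string) === 1) {
        return false;
    }

    // The first whitespace-delimited word is the program to run.
    $words = preg_split('/\s+/', trim($exec_string), 2);
    $program = $words[0];
    if ($program === '') {
        return false;
    }

    // Strict, whole-word comparison. Prefix tests written as
    // strpos($exec_string, $cmd) == 0 are a known PHP pitfall:
    // strpos() returns false when there is no match, and false == 0
    // is true, so every command passes such a test.
    return in_array($program, $allowed_commands, true);
}

// Constructed allowlist and inputs for the demonstration.
$allowed = ['touch', 'chown', 'mkdir', 'cp'];
$cases = [
    'mkdir -p /tmp/demo' => true,
    'ln -s aaa bbb'      => false, // the command from this report
    'cpx file'           => false, // only a prefix matches an allowed name
    'touch a; ln -s a b' => false, // second command after a separator
];
foreach ($cases as $cmd => $expected) {
    $got = command_is_allowed($cmd, $allowed);
    printf("%-22s %s\n", $cmd, $got === $expected ? 'ok' : 'MISMATCH');
}
```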

SVN - commits
(#2741)
flo
2010-05-11 19:55
fixing problem with colons in documentroot of domain and openbasedir, fixing problem with safe_exec executing unwanted binaries, fixes #1288
U branches/flo/laststable/lib/functions.php
U branches/flo/laststable/scripts/cron_tasks.inc.http.10.apache.php
U branches/flo/laststable/scripts/cron_tasks.inc.http.15.apache_fcgid.php
(#2744)
flo
2010-05-11 20:52
fixing problem with colons in documentroot of domain and openbasedir, fixing problem with safe_exec executing unwanted binaries, fixes #1288
U trunk/syscp/lib/functions/filedir/function.makeSecurePath.php
U trunk/syscp/lib/functions/filedir/function.safe_exec.php
U trunk/syscp/lib/tables.inc.php
U trunk/syscp/scripts/cron_tasks.inc.http.10.apache.php
U trunk/syscp/scripts/cron_tasks.inc.http.15.apache_fcgid.php

Issue History
Date Modified Username Field Change
2010-03-08 13:30 massimo New Issue
2010-03-08 13:30 massimo File Added: patch
2010-05-11 19:55 Flo Checkin
2010-05-11 19:55 Flo Status new => resolved
2010-05-11 19:55 Flo Resolution open => fixed
2010-05-11 20:52 Flo Checkin