Issue #3498
closed
gpg_cmd configuration option should not be accepted in repo config or overrides
Description
As a user, I can specify a gpg_cmd option in the plugin's distributor config, which will override the plugin config.
This has security implications, since it allows a potentially malicious user to execute commands remotely on the pulp server as user apache.
The fix is not entirely straightforward. I think one would want a per-config-type allowed options.
Related issues
Updated by mihai.ibanescu@gmail.com over 6 years ago
- Copied from Issue #3474: gpg_cmd configuration option should not be accepted in repo config or overrides added
Updated by mihai.ibanescu@gmail.com over 6 years ago
Added by Mihai Ibanescu over 6 years ago
Updated by Anonymous over 6 years ago
- Status changed from NEW to MODIFIED
Applied in changeset 1c51268d91fbaee1e74bb9b842523d43ac13dd24.
Added by Mihai Ibanescu over 6 years ago
Revision f86d8a88 | View on GitHub
gpg_cmd is not allowed as plugin or override configuration
Since the command configured with gpg_cmd executes remotely as user apache, a user should not be allowed to change it via a distributor config or an override at publish time.
Fixes #3498 https://pulp.plan.io/issues/3498
Change-Id: I88cdb4f51c237b1157e7424863df7049269939ca (cherry picked from commit 1c51268d91fbaee1e74bb9b842523d43ac13dd24)
Updated by Anonymous over 6 years ago
Applied in changeset f86d8a88586c958a8fb6ea4f5d75aa9f533aaa24.
Updated by daviddavis over 6 years ago
- Status changed from 5 to CLOSED - CURRENTRELEASE
.
gpg_cmd is not allowed as plugin or override configuration
Since the command configured with gpg_cmd executes remotely as user apache, a user should not be allowed to change it via a distributor config or an override at publish time.
Fixes #3498 https://pulp.plan.io/issues/3498
Change-Id: I88cdb4f51c237b1157e7424863df7049269939ca