Continuum

shell and ant scripts should not be configurable by the web interface

Details

  • Type: Improvement Improvement
  • Status: Closed Closed
  • Priority: Critical Critical
  • Resolution: Fixed
  • Affects Version/s: None
  • Fix Version/s: 1.0-alpha-3
  • Component/s: Web interface
  • Labels:
    None
  • Number of attachments :
    0

Description

I think this is a security issue if absolute paths are allowed...

We should make all the scripts be relative to the checkout, or configured in the server configuration and selectable from a dropdown.

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Jason van Zyl added a comment -

What if for the shell executor the script being in the checkout directory be stipulated and for an Ant executor that it be in the path? Then I can check to make sure people aren't using any ".." for the shell scripts and they just have to use the installed version of ant.

Show
Jason van Zyl added a comment - What if for the shell executor the script being in the checkout directory be stipulated and for an Ant executor that it be in the path? Then I can check to make sure people aren't using any ".." for the shell scripts and they just have to use the installed version of ant.
Hide
Permalink
Jason van Zyl added a comment -

The executable must be in the path or in the working directory. So there's no more security concern here.

Show
Jason van Zyl added a comment - The executable must be in the path or in the working directory. So there's no more security concern here.

People

Vote (0)
Watch (0)

Dates

  • Created:
    Updated:
    Resolved:
Atlassian JIRA (v4.4.3#663-r165197) | Report a problem
Powered by a free Atlassian JIRA open source license for Codehaus. Try JIRA - bug tracking software for your team.