cross
New Foswiki release 2.1.6 is available with important security fixes.
Sourceforge foswiki email lists being discontinued. Subscribe to the new Foswiki announce and discuss lists at MailingLists
You are here: Foswiki>Tasks Web>Item10648 (11 Apr 2012, GeorgeClark)Edit Attach

Item10648: Checking PATH for an insecure elements

pencil
Priority: Normal
Current State: Closed
Released In: 1.1.5
Target Release: patch
Applies To: Engine
Component: Configure
Branches: Release01x01 trunk
Reported By: JozefMojzis
Waiting For:
Last Change By: GeorgeClark
If the PATH contain insecure element (for example "~/bin") the configure
  • allow write this insecure path into LocalSite.cfg (on 1st run)
  • and after immediately fail with error message: Software error: Insecure directory in $ENV{PATH} while running with -T switch at
  • and the user must manually edit the LocalSite.cfg.

The configure should
  • check for path elements what are not given in absolute form,
  • allow setup the $Foswiki::cfg{SafeEnvPath}

BEFORE 1st save.

-- JozefMojzis - 18 Apr 2011

 
Topic revision: r12 - 11 Apr 2012, GeorgeClark - This page was cached on 18 Sep 2018 - 17:01.

The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy