Current time: 11-24-2024, 04:36 AM Hello There, Guest! (LoginRegister)


Post Reply 
Critical security issue
Author Message
kilburn Offline
Development Team
*****
Dev Team

Posts: 2,182
Joined: Feb 2007
Reputation: 34
Post: #5
RE: Critical security issue
There are 2 ways to handle this issue:

1. Deal with the untarring and (fixed) permission handling in an inaccessible directory, mv the properly checked result to the user folder
2. Implement backup signing (we can easily implement a signature file which is calculated by encrypting the md5 hash of the archive file).

I'm strong in favour of the 2nd option, but open to your opinions...
08-30-2010 01:23 AM
Visit this user's website Find all posts by this user Quote this message in a reply
Post Reply 


Messages In This Thread
Critical security issue - sci2tech - 08-29-2010, 08:35 PM
RE: Minor security issue - gOOvER - 08-29-2010, 08:59 PM
RE: Minor security issue - sci2tech - 08-29-2010, 10:58 PM
RE: Critical security issue - sci2tech - 08-30-2010, 01:17 AM
RE: Critical security issue - kilburn - 08-30-2010 01:23 AM
RE: Critical security issue - sci2tech - 08-30-2010, 01:35 AM
RE: Critical security issue - iwik - 08-30-2010, 05:33 PM
RE: Critical security issue - sci2tech - 08-30-2010, 03:55 AM
RE: Critical security issue - kilburn - 08-30-2010, 06:44 PM
RE: Critical security issue - joximu - 08-30-2010, 07:01 PM
RE: Critical security issue - Nuxwin - 08-30-2010, 07:14 PM
RE: Critical security issue - joximu - 08-30-2010, 07:33 PM
RE: Critical security issue - BioALIEN - 08-30-2010, 11:19 PM

Forum Jump:


User(s) browsing this thread: 1 Guest(s)