Closed Bug 76109 Opened 23 years ago Closed 23 years ago

tinderbox system() calls, security

Tracking

(Not tracked)

Status:

RESOLVED FIXED

Milestone:

Future

People

(Reporter: zach, Assigned: mcafee)

Details

Zach Lipton [:zach]

Reporter

Description

•

23 years ago

It appears that tinderbox has a security hole. Several times, we use 
system() calls to call scripts with args, this is a Bad Thing (tm). We should 
use the argument form of system() or replace the .pl scripts with .pm's 
and call them with use. I talked to dmose on irc about this, and it appears 
real (though I wouldn't bet my life on it). Anyway, if it isn't, it doesn't really 
matter.

Chris McAfee

Assignee

Comment 1

•

23 years ago

tinderbox client or server?
Can you point out a specific example?

Target Milestone: --- → Future

timeless

Comment 2

•

23 years ago

i'd suspect server since the client isn't web interactive

Chris McAfee

Assignee

Comment 3

•

23 years ago

switched to arg form of system call for all system() calls
in the server that made sense.  marking fixed.

Status: NEW → RESOLVED

Closed: 23 years ago

Resolution: --- → FIXED

Nobody; OK to take it and work on it

Updated

•

10 years ago

Product: Webtools → Webtools Graveyard

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

tinderbox system() calls, security

Categories

(Webtools Graveyard :: Tinderbox, defect)

Tracking

(Not tracked)

People

(Reporter: zach, Assigned: mcafee)

References

Details

Crash Data

Security

(public)

User Story

Description

Comment 1

Comment 2

Comment 3

Updated