Closed
Bug 76109
Opened 23 years ago
Closed 23 years ago
tinderbox system() calls, security
Categories
(Webtools Graveyard :: Tinderbox, defect)
Webtools Graveyard
Tinderbox
Tracking
(Not tracked)
RESOLVED
FIXED
Future
People
(Reporter: zach, Assigned: mcafee)
Details
It appears that tinderbox has a security hole. Several times, we use system() calls to call scripts with args, this is a Bad Thing (tm). We should use the argument form of system() or replace the .pl scripts with .pm's and call them with use. I talked to dmose on irc about this, and it appears real (though I wouldn't bet my life on it). Anyway, if it isn't, it doesn't really matter.
Assignee | ||
Comment 1•23 years ago
|
||
tinderbox client or server? Can you point out a specific example?
Target Milestone: --- → Future
Assignee | ||
Comment 3•23 years ago
|
||
switched to arg form of system call for all system() calls in the server that made sense. marking fixed.
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Updated•10 years ago
|
Product: Webtools → Webtools Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•