Project

General

Profile

Actions

Bug #4026

closed

native_ms/dnscmd providers should use shell escaping when running commands

Added by Dominic Cleal almost 11 years ago. Updated about 3 years ago.

Status:
Closed
Priority:
High
Assignee:
Category:
Security
Target version:
-
Difficulty:
Triaged:
No
Fixed in Releases:
Found in Releases:

Description

The two Windows providers (native_ms/dnscmd) should escape incoming data which is currently passed straight to the cmd.exe shell.

Assigning Sam as he's already looked a bit at this.

More discussion: https://github.com/theforeman/smart-proxy/pull/127/files#r8814677


Related issues 2 (1 open1 closed)

Related to Smart Proxy - Feature #3991: dnscmd provider for smart-proxy (Windows)ClosedMartin Matuška01/10/2014Actions
Related to Foreman - Tracker #5409: DNS Proxy ImprovementsNew

Actions
Actions #1

Updated by Dominic Cleal almost 11 years ago

  • Related to Feature #3991: dnscmd provider for smart-proxy (Windows) added
Actions #2

Updated by Dominic Cleal almost 11 years ago

  • Description updated (diff)
Actions #3

Updated by Stephen Benjamin over 10 years ago

Actions #4

Updated by Anonymous over 7 years ago

  • Assignee changed from Sam Kottler to Anonymous

Dmitry, I guess this can be closed?

Actions #5

Updated by Anonymous over 7 years ago

I don't think this can be closed -- dns_dnscmd provider doesn't escape data passed to it.

Actions #6

Updated by The Foreman Bot over 3 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/smart-proxy/pull/796 added
Actions #7

Updated by Anna Vítová over 3 years ago

  • Assignee changed from Anonymous to Anna Vítová
Actions #8

Updated by The Foreman Bot about 3 years ago

  • Fixed in Releases 3.1.0 added
Actions #9

Updated by Anonymous about 3 years ago

  • Status changed from Ready For Testing to Closed
Actions

Also available in: Atom PDF