Bug #4026
native_ms/dnscmd providers should use shell escaping when running commands
Pull request:
Fixed in Releases:
Found in Releases:
Description
The two Windows providers (native_ms/dnscmd) should escape incoming data which is currently passed straight to the cmd.exe shell.
Assigning Sam as he's already looked a bit at this.
More discussion: https://github.com/theforeman/smart-proxy/pull/127/files#r8814677
Related issues
Associated revisions
History
#1
Updated by Dominic Cleal over 8 years ago
- Related to Feature #3991: dnscmd provider for smart-proxy (Windows) added
#2
Updated by Dominic Cleal over 8 years ago
- Description updated (diff)
#3
Updated by Stephen Benjamin over 8 years ago
- Related to Tracker #5409: DNS Proxy Improvements added
#4
Updated by Anonymous about 5 years ago
- Assignee changed from Sam Kottler to Dmitri Dolguikh
Dmitry, I guess this can be closed?
#5
Updated by Dmitri Dolguikh about 5 years ago
I don't think this can be closed -- dns_dnscmd provider doesn't escape data passed to it.
#6
Updated by The Foreman Bot about 1 year ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/smart-proxy/pull/796 added
#7
Updated by Anna Vítová about 1 year ago
- Assignee changed from Dmitri Dolguikh to Anna Vítová
#8
Updated by The Foreman Bot 10 months ago
- Fixed in Releases 3.1.0 added
#9
Updated by Anonymous 10 months ago
- Status changed from Ready For Testing to Closed
Applied in changeset 9522669b7287b62a8bc073f6f8abb5554184e57d.
fixes #4026 - fixes #4026 secure Windows command execution