Project

General

Profile

Actions

Bug #4026

closed

native_ms/dnscmd providers should use shell escaping when running commands

Added by Dominic Cleal almost 11 years ago. Updated about 3 years ago.

Status:
Closed
Priority:
High
Assignee:
Category:
Security
Target version:
-
Difficulty:
Triaged:
No
Fixed in Releases:
Found in Releases:

Description

The two Windows providers (native_ms/dnscmd) should escape incoming data which is currently passed straight to the cmd.exe shell.

Assigning Sam as he's already looked a bit at this.

More discussion: https://github.com/theforeman/smart-proxy/pull/127/files#r8814677


Related issues 2 (1 open1 closed)

Related to Smart Proxy - Feature #3991: dnscmd provider for smart-proxy (Windows)ClosedMartin Matuška01/10/2014Actions
Related to Foreman - Tracker #5409: DNS Proxy ImprovementsNew

Actions
Actions

Also available in: Atom PDF