[Fedora-directory-commits] adminserver/admserv/cgi-ds addindex.c, 1.2, NONE ds_bak2db.c, 1.2, NONE ds_db2bak.c, 1.2, NONE ds_db2ldif.c, 1.2, NONE ds_ldif2db.c, 1.2, NONE ds_rmdb.c, 1.2, NONE vlvindex.c, 1.2, NONE

Richard Allen Megginson (rmeggins) fedora-directory-commits at redhat.com
Wed Nov 14 17:51:57 UTC 2007


Author: rmeggins

Update of /cvs/dirsec/adminserver/admserv/cgi-ds
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5290/adminserver/admserv/cgi-ds

Removed Files:
	addindex.c ds_bak2db.c ds_db2bak.c ds_db2ldif.c ds_ldif2db.c 
	ds_rmdb.c vlvindex.c 
Log Message:
Resolves: bug 186280
Bug Description: Close potential security vulnerabilities in CGI code
Reviewed by: nhosoi (Thanks!)
Fix Description: This is for the CGIs moved into adminserver from ds.  There is quite a bit of code here that we don't use anymore.  We can also get rid of Import.java and Export.java in the ds console code.  This addresses the security issues because, even though the console doesn't ever call the tasks that invoke the CGIs for db2ldif, ldif2db, etc., a malicious user could still attempt to invoke a task remotely and pass in bogus file and directory names.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none



--- addindex.c DELETED ---


--- ds_bak2db.c DELETED ---


--- ds_db2bak.c DELETED ---


--- ds_db2ldif.c DELETED ---


--- ds_ldif2db.c DELETED ---


--- ds_rmdb.c DELETED ---


--- vlvindex.c DELETED ---
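
Review bot: The removal list covers only the seven .c sources in cgi-ds, and nothing visible here shows the references to them being removed. The stated risk is a remote task invocation that passes in bogus file and directory names, so the change should also confirm that no build rule or task entry still points at addindex, ds_bak2db, ds_db2bak, ds_db2ldif, ds_ldif2db, ds_rmdb or vlvindex; a stale entry would leave a dangling invocation path or break the build. The log also says Import.java and Export.java can go from the ds console code, but they are not part of this removal, so it would help to state where that follow-up is tracked.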



