Forum: Cfengine Help Subject: Re: please advise on cfengine3 security design best practices Author: neilhwatson Link to topic: https://cfengine.com/forum/read.php?3,19246,19257#msg-19257
The same concerns that prompted us to decide to remove the shell execution earlier. At that time, allowing && and || in the cfruncommand, combined with how cf-runagent parses, allows one to append shell commands manually. With the right know how, which I won't show here, I could make the remote agent run the normal cfruncommand plus an arbitrary shell command of my choosing. Is this still possible now? I agree that being able to have cfruncommand run multiple commands is a good thing but there has to be a safer way to do it if this has not been implemented already. _______________________________________________ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
