The following commit has been merged in the master branch:
commit 049323e7e03c64f534a73ff452d218f19d5b8132
Author: D Brashear <[email protected]>
Date: Fri Jul 18 16:00:12 2014 -0400
vlserver: limit use of regex to admins always
allow regexes only if the querying user is a superuser.
if the superuser uses up all the resources, well, they could just do
whatever damage directly anyway. means even in unrestricted mode
we are not vulnerable
Change-Id: Ib35d649f31e752ba5ae8373a06b67ea76f97425c
Reviewed-on: http://gerrit.openafs.org/11968
Reviewed-by: Daria Brashear <[email protected]>
Reviewed-by: Mark Vitale <[email protected]>
Tested-by: BuildBot <[email protected]>
Reviewed-by: Benjamin Kaduk <[email protected]>
src/vlserver/vlprocs.c | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
--
OpenAFS Master Repository
_______________________________________________
OpenAFS-cvs mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-cvs
