The following commit has been merged in the openafs-stable-1_6_x branch:
commit 0b4cad31128623b1cf381384b8cf50336a86be9c
Author: D Brashear <[email protected]>
Date:   Fri Jul 18 16:00:12 2014 -0400

    vlserver: limit use of regex to admins always
    
    allow regexes only if the querying user is a superuser.
    if the superuser uses up all the resources, well, they could just do
    whatever damage directly anyway. means even in unrestricted mode
    we are not vulnerable
    
    Reviewed-on: http://gerrit.openafs.org/11968
    Reviewed-by: Daria Brashear <[email protected]>
    Reviewed-by: Mark Vitale <[email protected]>
    Tested-by: BuildBot <[email protected]>
    Reviewed-by: Benjamin Kaduk <[email protected]>
    (cherry picked from commit 049323e7e03c64f534a73ff452d218f19d5b8132)
    
    Change-Id: I1e3f11bd14b071be69eb6e00c26ea2209596c82a
    Reviewed-on: http://gerrit.openafs.org/11975
    Tested-by: BuildBot <[email protected]>
    Reviewed-by: Mark Vitale <[email protected]>
    Reviewed-by: Michael Meffie <[email protected]>
    Reviewed-by: Benjamin Kaduk <[email protected]>
    Reviewed-by: Stephan Wiesand <[email protected]>

 src/vlserver/vlprocs.c |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

-- 
OpenAFS Master Repository
_______________________________________________
OpenAFS-cvs mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-cvs
