On 03/12/2014 09:25 PM, Vincent Bernat wrote:
I will add the user and provide a proper init script in the next
upload. However, I don't think that this fixes the core issues
reported. A user can still choose to run pen in another way and should
be protected by such issues.
The core issue being that it is possible to run pen with remote control
from untrusted hosts (or any host), should the administrator so desire.
I don't think it is possible to prevent active misconfiguration reliably
(e.g. Apache can trivially be configured to serve /etc/shadow to the
world). What could be done however is some combination of:
1. Refuse to open the control socket running as root.
2. Use a default, built in access list for the control socket which
denies from everywhere. The administrator can change the acl, but that
would be an active choice.
Finally, the CGI script is not installed by make install and I don't
think there is a good reason to distribute it.
Ulric
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]