Projects tigase _server server-core Issues #484
Get Any File (#484)
Eric Dziewa opened 10 years ago
Due Date
2015-09-29

Works.

Not sure if allowing admin to leave tigase-server directory is a good idea ie. ../../../etc/passwd.

Daniel Wisnewski commented 9 years ago

Andrzej, are we okay with allowing directory navigation with this command?

Andrzej Wójcik (Tigase) commented 9 years ago

This commands are by default allowed to be executed only by server administrators, so I would say this is OK.

%kobit - do you agree?

Artur Hefczyc commented 9 years ago

I agree with Andrzej. An admin can even upload a new admin script which can do basically anything, so restricting directory navigation in this particular case does not help.

issue 1 of 1
Type
Bug
Priority
Normal
Assignee
RedmineID
3100
Version
tigase-server-7.1.0
Issue Votes (0)
Watchers (0)
Reference
tigase/_server/server-core#484
Please wait...
Page is in error, reload to recover