Changeset 1947


Ignore:
Timestamp:
Dec 30, 2008, 7:52:50 PM (16 years ago)
Author:
price
Message:

fix pts mem vulnerability, with new -encrypt option

Location:
trunk/packages/invirt-web
Files:
1 added
5 edited

Legend:

Unmodified
Added
Removed
  • trunk/packages/invirt-web/code/getafsgroups.py

    r1318 r1947  
    2929
    3030def getAfsGroupMembers(group, cell):
    31     p = subprocess.Popen(["pts", "membership", "-noauth", group, '-c', cell],
     31    p = subprocess.Popen(["pts", "membership", "-encrypt", group, '-c', cell],
    3232                         stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    3333    err = p.stderr.read()
  • trunk/packages/invirt-web/config.todo

    r1789 r1947  
    55files/etc/apache2/sites-available/default: assumes trac
    66files/etc/init.d/apache2.invirt: afs cell (for svn)
     7invirt-cache-acls: aklog athena sipb
    78code/templates/error.tmpl: xvm@mit.edu
    89code/templates/help.tmpl: assumes trac
  • trunk/packages/invirt-web/debian/changelog

    r1855 r1947  
    11invirt-web (0.0.16) unstable; urgency=low
     2
     3  * Fix a security vulnerability: traditional `pts mem` is in cleartext
     4    and could be spoofed.  Use new -encrypt option, which needs tokens.
    25
    36  * make initscript stop command not leave apache2 processes lying around
    47    (so that restart works)
    58
    6  -- Greg Price <price@mit.edu>  Fri, 19 Dec 2008 22:34:31 -0500
     9 -- Greg Price <price@mit.edu>  Tue, 30 Dec 2008 17:31:48 -0500
    710
    811invirt-web (0.0.15) unstable; urgency=low
  • trunk/packages/invirt-web/debian/invirt-web.cron.d

    r1318 r1947  
    66MAILTO=root
    77
    8 */5 * * * * www-data python /var/www/invirt-web/cache_acls.py
     8*/5 * * * * www-data invirt-cache-acls
  • trunk/packages/invirt-web/debian/invirt-web.install

    r1318 r1947  
    11files/* .
     2invirt-cache-acls /usr/bin/
Note: See TracChangeset for help on using the changeset viewer.