Fossil SCM
Make [/secaudit0] page aware of the Tcl integration opportunities.
Commit
2213a0eb2d413fc102d34b1b4bc6c56bc860cd63268ef75ca2336f7dd28ae998
Parent
a55042a01507c08…
1 file changed
+29
+29
| --- src/security_audit.c | ||
| +++ src/security_audit.c | ||
| @@ -275,10 +275,39 @@ | ||
| 275 | 275 | @ -DFOSSIL_ENABLE_TH1_DOCS flag, and/or clear the th1-docs setting |
| 276 | 276 | @ and ensure that the TH1_ENABLE_DOCS environment variable does not |
| 277 | 277 | @ exist in the environment.</p> |
| 278 | 278 | } |
| 279 | 279 | #endif |
| 280 | + | |
| 281 | +#if FOSSIL_ENABLE_TCL | |
| 282 | + @ <li><p> | |
| 283 | + if( db_get_boolean("tcl",0) ){ | |
| 284 | + #ifdef FOSSIL_ENABLE_TH1_DOCS | |
| 285 | + if( !Th_AreDocsEnabled() ){ | |
| 286 | + @ <b>DANGER:</b> | |
| 287 | + }else{ | |
| 288 | + @ <b>WARNING:</b> | |
| 289 | + } | |
| 290 | + #else | |
| 291 | + @ <b>WARNING:</b> | |
| 292 | + #endif | |
| 293 | + @ This server is compiled with -DFOSSIL_ENABLE_TCL and Tcl integration | |
| 294 | + @ is enabled for this repository. Anyone who can execute malicious | |
| 295 | + @ TH1 script on that server can also execute arbitrary Tcl script | |
| 296 | + @ under the identity of the operating system process of that server. | |
| 297 | + @ This is a serious security concern. | |
| 298 | + @ | |
| 299 | + @ <p>Disable Tcl integration by recompiling Fossil without the | |
| 300 | + @ -DFOSSIL_ENABLE_TCL flag, and/or clear the 'tcl' setting.</p> | |
| 301 | + }else{ | |
| 302 | + @ This server is compiled with -DFOSSIL_ENABLE_TCL. Tcl integration | |
| 303 | + @ is disabled for this particular repository, so you are safe for | |
| 304 | + @ now. However, to prevent potential problems caused by accidentally | |
| 305 | + @ enabling Tcl integration in the future, it is recommended that you | |
| 306 | + @ recompile Fossil without the -DFOSSIL_ENABLE_TCL flag.</p> | |
| 307 | + } | |
| 308 | +#endif | |
| 280 | 309 | |
| 281 | 310 | /* Anonymous users should not be able to harvest email addresses |
| 282 | 311 | ** from tickets. |
| 283 | 312 | */ |
| 284 | 313 | if( hasAnyCap(zAnonCap, "e") ){ |
| 285 | 314 |
| --- src/security_audit.c | |
| +++ src/security_audit.c | |
| @@ -275,10 +275,39 @@ | |
| 275 | @ -DFOSSIL_ENABLE_TH1_DOCS flag, and/or clear the th1-docs setting |
| 276 | @ and ensure that the TH1_ENABLE_DOCS environment variable does not |
| 277 | @ exist in the environment.</p> |
| 278 | } |
| 279 | #endif |
| 280 | |
| 281 | /* Anonymous users should not be able to harvest email addresses |
| 282 | ** from tickets. |
| 283 | */ |
| 284 | if( hasAnyCap(zAnonCap, "e") ){ |
| 285 |
| --- src/security_audit.c | |
| +++ src/security_audit.c | |
| @@ -275,10 +275,39 @@ | |
| 275 | @ -DFOSSIL_ENABLE_TH1_DOCS flag, and/or clear the th1-docs setting |
| 276 | @ and ensure that the TH1_ENABLE_DOCS environment variable does not |
| 277 | @ exist in the environment.</p> |
| 278 | } |
| 279 | #endif |
| 280 | |
| 281 | #if FOSSIL_ENABLE_TCL |
| 282 | @ <li><p> |
| 283 | if( db_get_boolean("tcl",0) ){ |
| 284 | #ifdef FOSSIL_ENABLE_TH1_DOCS |
| 285 | if( !Th_AreDocsEnabled() ){ |
| 286 | @ <b>DANGER:</b> |
| 287 | }else{ |
| 288 | @ <b>WARNING:</b> |
| 289 | } |
| 290 | #else |
| 291 | @ <b>WARNING:</b> |
| 292 | #endif |
| 293 | @ This server is compiled with -DFOSSIL_ENABLE_TCL and Tcl integration |
| 294 | @ is enabled for this repository. Anyone who can execute malicious |
| 295 | @ TH1 script on that server can also execute arbitrary Tcl script |
| 296 | @ under the identity of the operating system process of that server. |
| 297 | @ This is a serious security concern. |
| 298 | @ |
| 299 | @ <p>Disable Tcl integration by recompiling Fossil without the |
| 300 | @ -DFOSSIL_ENABLE_TCL flag, and/or clear the 'tcl' setting.</p> |
| 301 | }else{ |
| 302 | @ This server is compiled with -DFOSSIL_ENABLE_TCL. Tcl integration |
| 303 | @ is disabled for this particular repository, so you are safe for |
| 304 | @ now. However, to prevent potential problems caused by accidentally |
| 305 | @ enabling Tcl integration in the future, it is recommended that you |
| 306 | @ recompile Fossil without the -DFOSSIL_ENABLE_TCL flag.</p> |
| 307 | } |
| 308 | #endif |
| 309 | |
| 310 | /* Anonymous users should not be able to harvest email addresses |
| 311 | ** from tickets. |
| 312 | */ |
| 313 | if( hasAnyCap(zAnonCap, "e") ){ |
| 314 |