packages

History

Jo-Philipp Wich 22be9a1c01 cgi-io: require whitelisting upload locations Introduce further ACL checks to verify that the request-supplied upload location may be written to. This prevents overwriting things like /bin/busybox and allows to confine uploads to specific directories. To setup the required ACLs, the following ubus command may be used on the command line: ubus call session grant '{ "ubus_rpc_session": "d41d8cd98f00b204e9800998ecf8427e", "scope": "cgi-io", "objects": [ [ "/etc/certificates/", "write" ], [ "/var/uploads/", "write" ] ] }' Signed-off-by: Jo-Philipp Wich <jo@mein.io>	2019-08-30 13:58:50 +02:00
..
src	cgi-io: require whitelisting upload locations	2019-08-30 13:58:50 +02:00
Makefile	cgi-io: require whitelisting upload locations	2019-08-30 13:58:50 +02:00

Jo-Philipp Wich 22be9a1c01 cgi-io: require whitelisting upload locations

Introduce further ACL checks to verify that the request-supplied
upload location may be written to. This prevents overwriting things
like /bin/busybox and allows to confine uploads to specific directories.

To setup the required ACLs, the following ubus command may be used
on the command line:

ubus call session grant '{
  "ubus_rpc_session": "d41d8cd98f00b204e9800998ecf8427e",
  "scope": "cgi-io",
  "objects": [
    [ "/etc/certificates/*", "write" ],
    [ "/var/uploads/*", "write" ]
  ]
}'

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

2019-08-30 13:58:50 +02:00

src

cgi-io: require whitelisting upload locations

2019-08-30 13:58:50 +02:00

Makefile

cgi-io: require whitelisting upload locations

2019-08-30 13:58:50 +02:00