You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
So IMO, there either shouldn't be an (insecure) default location configured, or at least the wiki documentation should very clearly state that the default should be changed prior to any production deployment.
blt@ suggests this issue may be interesting for more than just scripts:
Depends on what cernan is shipping of course, but, yeah. I guess it is. The wiki should be amended. I'm open to suggestions for alternative behavior. My main thinking when I wrote this was that it's easy to screw up the operation of cernan by fiddling with those files. We never implemented checksums or recovery for queue files, on account of there not being a call for them at the time of implementation.
Weak area, generally.
Oh, you're talking about scripts here. Well, both are probably unsafe. If you craft a special purpose queue file for, say, the kafka sink you can get cernan to ship whatever you want. Same deal for scripts.
The text was updated successfully, but these errors were encountered:
My comment from the security review (#461):
Is this essentially insecure by default? If it’s insecure with the default setting that should probably at minimum be called out explicitly in the wiki.
https://github.com/postmates/cernan/wiki/Configuration#Scripts-Directory
So IMO, there either shouldn't be an (insecure) default location configured, or at least the wiki documentation should very clearly state that the default should be changed prior to any production deployment.
blt@ suggests this issue may be interesting for more than just scripts:
Depends on what cernan is shipping of course, but, yeah. I guess it is. The wiki should be amended. I'm open to suggestions for alternative behavior. My main thinking when I wrote this was that it's easy to screw up the operation of cernan by fiddling with those files. We never implemented checksums or recovery for queue files, on account of there not being a call for them at the time of implementation.
Weak area, generally.
Oh, you're talking about scripts here. Well, both are probably unsafe. If you craft a special purpose queue file for, say, the kafka sink you can get cernan to ship whatever you want. Same deal for scripts.
The text was updated successfully, but these errors were encountered: