Branch: refs/heads/2.3.0
Home:
https://github.com/Checkmk/checkmk
Commit: 8096e67c7470a987d33d4c652d7bd31f92e00be0
https://github.com/Checkmk/checkmk/commit/8096e67c7470a987d33d4c652d7bd31f9…
Author: Hannes Rantzsch <hannes.rantzsch(a)checkmk.com>
Date: 2024-05-28 (Tue, 28 May 2024)
Changed paths:
A .werks/15200.md
M active_checks/check_sftp
A cmk/active_checks/check_sftp.py
M cmk/gui/plugins/wato/active_checks/sftp.py
A tests/unit/cmk/active_checks/test_check_sftp.py
Log Message:
-----------
15200 SEC Restrict check_sftp local paths
check_sftp now only allows uploading files from and downloading files to
a dedicated directory in SITE_HOME/var. While the names and general
meaning of the command line arguments remain unchanged, paths are now
always interpreted relative to that dedicated directory.
Attempting to escape from this directory (path traversal) will cause the
check to abort and fail.
Change-Id: Iaa369dfbfdad9140fb8367514fd68a578b40c5e8
To unsubscribe from these emails, change your notification settings at
https://github.com/Checkmk/checkmk/settings/notifications