Branch: refs/heads/master
Home:
https://github.com/Checkmk/checkmk
Commit: 0608b85b178a720bd99f028de3590b0c65e4c1da
https://github.com/Checkmk/checkmk/commit/0608b85b178a720bd99f028de3590b0c6…
Author: Hannes Rantzsch <hannes.rantzsch(a)checkmk.com>
Date: 2024-05-28 (Tue, 28 May 2024)
Changed paths:
A .werks/15200.md
M cmk/active_checks/check_sftp.py
M cmk/gui/plugins/wato/active_checks/sftp.py
M tests/unit/cmk/active_checks/test_check_sftp.py
Log Message:
-----------
15200 SEC Restrict check_sftp local paths
check_sftp now only allows uploading files from and downloading files to
a dedicated directory in SITE_HOME/var. While the names and general
meaning of the command line arguments remain unchanged, paths are now
always interpreted relative to that dedicated directory.
Attempting to escape from this directory (path traversal) will cause the
check to abort and fail.
Change-Id: Iaa369dfbfdad9140fb8367514fd68a578b40c5e8
To unsubscribe from these emails, change your notification settings at
https://github.com/Checkmk/checkmk/settings/notifications