Bug #859

MCP output files - non arbitrary location.

Added by Joseph Perry almost 11 years ago. Updated almost 9 years ago.

Status:VerifiedStart date:
Priority:LowDue date:
Assignee:Joseph Perry% Done:

0%

Category:-
Target version:Release 0.7
Google Code Legacy ID:archivematica-204 Pull Request:
Sponsored: Requires documentation:

Description

To not write to arbitrary file, force logging to the SIP directory.
This can be done by forcing sharedDirectory on to the logging file at the start and ensuring no ../ strings in the file.

[g] Legacy categories: Security

History

#1 Updated by Joseph Perry almost 11 years ago

  • Target version set to Release 0.7.2

[g] Labels added: Milestone-Release-0.7.2, Component-Security

#2 Updated by Joseph Perry over 10 years ago

  • Status changed from New to Verified

Limited access to the shared directory.
Committed r944.

#3 Updated by Joseph Perry over 10 years ago

Limited access to the shared directory.
Committed r945.

#4 Updated by Joseph Perry over 10 years ago

Limited access to the shared directory.
Committed r945.

#5 Updated by Joseph Perry over 10 years ago

  • Target version set to Release 0.7

[g] Labels added: Milestone-Release-0.7

Also available in: Atom PDF