On 09/26/2014 09:12 PM, Nico Kadel-Garcia wrote:
> On Fri, Sep 26, 2014 at 9:34 AM, Karanbir Singh <mail-lists@karan.org> wrote:
>> On 09/25/2014 08:41 PM, Nico Kadel-Garcia wrote:
>>> Thinking about it, the git CentOS repository could possibly be vulnerable, depending on just how the git credentials are managed there; I'd urge a check.
>>
>> no shell out happens at git.centos.org
>>
>> gitweb however, is exposed. As is anything that does a system() call.
>
> Cool. I'm curious how you do it, but would understand not wanting to discuss that kind of security detail on a public mailing list.
>
> Thinking further about it, if the web side uses something like Apache's 'mod_cgi', there are some separate risks there as well. I'd hope there's no inappropriate write access for the 'httpd' user, even if you're vulnerable. (I mention that for folks not as familiar with escalation attacks.)
http://i.imgur.com/1NCi07n.jpg
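The write-access point raised above (a CGI handler that shells out runs as the web server account, so anything that account can modify in the web tree is what a command-injection bug would inherit) is the kind of thing a quick audit can check. The script below is an added example written for this thread, not code from the list or from the CentOS project; it assumes a POSIX `find` and a service account named `httpd`, and the `/var/www` path in the usage line is an assumption too.

```shell
#!/bin/sh
# Added example (not from the thread): report every path under a web tree that an
# unprivileged service account could modify, either because the path is
# world-writable or because the account owns it (or shares its group) with the
# write bit set. A CGI script that calls system() runs as that account, so every
# path listed here is a place an injected command could drop or alter content.

# writable_by DIR UID GID
# Prints offending paths under DIR, sorted. Numeric ids are used so the check also
# works for accounts that exist only on the audited host. Exit 1 when any path is
# found, 0 when the tree is clean.
writable_by() {
    dir=$1
    uid=$2
    gid=$3
    # -002: other-writable; -200 with -uid: owner-writable by UID;
    # -020 with -gid: group-writable by GID. Octal modes keep this portable.
    found=$(find "$dir" \( -perm -002 \
                        -o \( -uid "$uid" -perm -200 \) \
                        -o \( -gid "$gid" -perm -020 \) \) -print | sort)
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# count_writable DIR UID GID: number of offending paths (0 means clean).
count_writable() {
    writable_by "$1" "$2" "$3" | awk 'END { print NR }'
}

# audit_webtree DIR USER: resolve USER to its uid/primary gid, then run the check.
# Returns 2 if USER is not a known account on this host.
audit_webtree() {
    uid=$(id -u "$2" 2>/dev/null) || { echo "unknown user: $2" >&2; return 2; }
    gid=$(id -g "$2")
    writable_by "$1" "$uid" "$gid"
}

# When run directly: sh audit_webtree.sh /var/www httpd   (path and user assumed)
if [ "$#" -eq 2 ]; then
    audit_webtree "$1" "$2"
fi
```

A clean run prints nothing and exits 0; any output is a path worth explaining. Directories count as well as files, since a world-writable directory lets the account create new files even when nothing inside it is writable. Group-writable paths are only flagged for the account's primary group; supplementary groups (from `id -G`) would need an extra `-gid` clause per group.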