Add sudo mode to enabling and disabling apps #2509

Merged
merged 1 commit into from
Dec 5, 2016


LukasReschke
Member

Otherwise an administrator could bypass sudo mode by installing an app that allows RCE by design. I've by intention excluded the update endpoint from the requirement because updating apps should be as unintrusive as possible.

Not the cleanest approach by adding this to the AJAX endpoints instead of requiring a controller but for 11 this felt safer for me. We can clean this up together later then. (also the other AJAX endpoints in this folder do have the same logic)

Ref #2487

cc @nickvergessen @rullzer

Signed-off-by: Lukas Reschke lukas@statuscode.ch
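
The check described in the pull request above, as an added example that is not Nextcloud's code or part of this PR: enabling and disabling apps require a recent password confirmation, while updating does not. The function name `sudoGate`, the session key `last_password_confirm`, the 30-minute window and the status codes are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumption: length of the confirmation window; the page does not state one.
const SUDO_WINDOW_SECONDS = 1800;

// Actions named on the page: enable and disable need sudo mode, update is exempt.
const SUDO_REQUIRED = ['enable' => true, 'disable' => true, 'update' => false];

/**
 * Hypothetical gate for app-management endpoints. $session is the server-side
 * session array; 'last_password_confirm' (assumed key) holds the Unix time of
 * the last successful password re-entry.
 */
function sudoGate(string $action, array $session, int $now): array
{
    // Fail closed: an action nobody classified is treated as sensitive.
    $needsSudo = SUDO_REQUIRED[$action] ?? true;
    if (!$needsSudo) {
        return ['status' => 200, 'message' => 'OK'];
    }
    $last = $session['last_password_confirm'] ?? null;
    // Reject missing, non-integer, future-dated and expired timestamps.
    $fresh = is_int($last) && $last <= $now && ($now - $last) <= SUDO_WINDOW_SECONDS;
    if (!$fresh) {
        return ['status' => 403, 'message' => 'Password confirmation is required'];
    }
    return ['status' => 200, 'message' => 'OK'];
}

// Constructed sample sessions, evaluated against a fixed clock.
$now = 1480971960;
$cases = [
    ['enable',  ['last_password_confirm' => $now - 60]],   // confirmed a minute ago
    ['enable',  ['last_password_confirm' => $now - 7200]], // confirmation expired
    ['disable', []],                                       // never confirmed
    ['update',  []],                                       // exempt action
    ['enable',  ['last_password_confirm' => $now + 600]],  // future-dated value
    ['install', ['last_password_confirm' => $now - 7200]], // unclassified action
];
foreach ($cases as [$action, $session]) {
    $r = sudoGate($action, $session, $now);
    printf("%-8s %d %s\n", $action, $r['status'], $r['message']);
}
```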

@LukasReschke LukasReschke added 3. to review Waiting for reviews security labels Dec 5, 2016
@LukasReschke LukasReschke added this to the Nextcloud 11.0 milestone Dec 5, 2016
@mention-bot

@LukasReschke, thanks for your PR! By analyzing the history of the files in this pull request, we identified @nickvergessen, @georgehrke and @icewind1991 to be potential reviewers.

@LukasReschke LukasReschke mentioned this pull request Dec 5, 2016
6 tasks
@MorrisJobke
Member

Code looks good and it works 👍

@nickvergessen
Member

👍

@MorrisJobke MorrisJobke added 4. to release Ready to be released and/or waiting for tests to finish and removed 3. to review Waiting for reviews labels Dec 5, 2016
@LukasReschke LukasReschke merged commit 7fe0270 into master Dec 5, 2016
@LukasReschke LukasReschke deleted the sudo-mode-for-app-enabling branch December 5, 2016 21:06