Actions
Bug #953
closedlock down security issues
Status:
Resolved
Priority:
Immediate
Assignee:
Category:
monarch - general bugs
Target version:
Start date:
01/15/2003
Due date:
% Done:
0%
Estimated time:
Bugzilla-Id:
953
Description
monarch is able to execute arbitrary code on so the security issues need to be
looked into. at a minimum, we need to make sure that absolute paths are not
allowed in step code so that the filesystem can't be accessed outside the temp
directory. also need to make sure that certain commands are not executed in
different plugins. and example of this is the xterm command in sas that gives a
user a command line terminal into the system. the original perl script that was
monarch looked for any x* commands and threw an exception if they existed in
submitted code.
Actions