Tryton - Issues

 

Message17939

Author duesenfranz
Recipients ajacoutot, bch, ced, daniel, nicoe, sharkcz, yangoon
Date 2014-09-06.16:34:02
Content
I agree that getting rid of safe_eval is the best solution by far.

That said, calling it "not 100% safe" is an understatement; it's not safe at all (see "executing arbitrary commands is also possible").
I can't tell which code is really run, but authenticated Tryton users being able to own the server is an issue (in my opinion).
History
Date User Action Args
2014-09-06 16:34:03 duesenfranz set messageid: <1410014043.53.0.524905816251.issue4155@tryton.org>
2014-09-06 16:34:03 duesenfranz set recipients: + ced, bch, yangoon, nicoe, sharkcz, daniel, ajacoutot
2014-09-06 16:34:03 duesenfranz link issue4155 messages
2014-09-06 16:34:02 duesenfranz create
