Bug #87450

Harden CommandUtility invocations

Added by Oliver Hader 8 months ago. Updated 4 months ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2019-01-15
Due date:
% Done:
100%

TYPO3 Version:
8
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Associated revisions

Revision 71c15ee8 (diff)
Added by Oliver Hader 8 months ago

[BUGFIX] Harden CommandUtility invocations

In order to harden CommandUtility API, arguments used for invoking
system commands are escaped in addition. Since no insecure usages
have been identified in the TYPO3 core nor in public third party
extensions, this change is handled using a public workflow.

In order to evaluate whether third party extensions open a
potential attack vector, usages of CommandUtility::checkCommand(),
CommandUtility::getCommand() and the registration of custom services
($GLOBALS['T3_SERVICES']) concerning their 'exec' argument have to
be checked.

Resolves: #87450
Releases: master, 9.5, 8.7
Security-Advisory: TYPO3-PSA-2019-001
Change-Id: If4f2a63045ac7b2473881992f9731a635a768d37
Reviewed-on: https://review.typo3.org/59448
Tested-by: TYPO3com <>
Reviewed-by: Frank Naegler <>
Tested-by: Frank Naegler <>
Reviewed-by: Georg Ringer <>
Tested-by: Georg Ringer <>
Reviewed-by: Christian Kuhn <>
Tested-by: Christian Kuhn <>
Reviewed-by: Anja Leichsenring <>
Reviewed-by: Oliver Hader <>
Tested-by: Oliver Hader <>
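The escaping the commit message refers to, shown as an added illustration that is not TYPO3 core code and not the patch itself: a command line built by concatenating an attacker-influenced value verbatim, next to the same command built with PHP's escapeshellcmd() and escapeshellarg(). TYPO3's CommandUtility ships its own escaping helpers; the PHP built-ins are used here only to keep the block self-contained. The use of 'echo' in place of a real binary, the file-name payload and the helper names are constructed for this example and assume a POSIX shell behind exec().

```php
<?php
declare(strict_types=1);

// Added example for bug #87450; not TYPO3 core code and not the change
// itself. It shows the failure mode the commit hardens against: a value
// that may be attacker-influenced reaching a system command unescaped.
// Assumes a POSIX shell behind PHP's exec(); 'echo' stands in for a real
// binary and the file name payload is constructed for the demonstration.

/**
 * Vulnerable pattern: binary and arguments are joined verbatim, so shell
 * metacharacters in an argument end the command and start a new one.
 */
function buildCommandUnsafe(string $binary, array $arguments): string
{
    return $binary . ' ' . implode(' ', $arguments);
}

/**
 * Hardened pattern: the binary is passed through escapeshellcmd() and each
 * argument through escapeshellarg(), so every argument reaches the binary
 * as exactly one word regardless of its content.
 */
function buildCommandSafe(string $binary, array $arguments): string
{
    $parts = [escapeshellcmd($binary)];
    foreach ($arguments as $argument) {
        $parts[] = escapeshellarg((string)$argument);
    }
    return implode(' ', $parts);
}

/**
 * Executes the command line and returns the exit code plus the combined
 * stdout/stderr lines.
 */
function runCommand(string $command): array
{
    $output = [];
    $exitCode = 0;
    exec($command . ' 2>&1', $output, $exitCode);
    return ['exit' => $exitCode, 'output' => $output];
}

/**
 * The caller expects exactly one line (the echoed file name). Any other
 * line count means the smuggled command was executed rather than echoed.
 */
function injectionSucceeded(array $result): bool
{
    return count($result['output']) !== 1;
}

// Constructed attacker input: a "file name" that smuggles a second command.
$payload = 'image.jpg; echo INJECTED';

// Unsafe: the shell runs 'echo image.jpg' and then 'echo INJECTED'.
$unsafe = runCommand(buildCommandUnsafe('echo', [$payload]));
printf("unsafe command : %s\n", buildCommandUnsafe('echo', [$payload]));
printf("injection ran  : %s\n", injectionSucceeded($unsafe) ? 'yes' : 'no');

// Safe: the whole payload is one quoted argument and is printed literally.
$safe = runCommand(buildCommandSafe('echo', [$payload]));
printf("safe command   : %s\n", buildCommandSafe('echo', [$payload]));
printf("injection ran  : %s\n", injectionSucceeded($safe) ? 'yes' : 'no');
```

When auditing the call sites the commit message names (CommandUtility::checkCommand(), CommandUtility::getCommand() and the 'exec' argument of $GLOBALS['T3_SERVICES'] registrations), the question at each site is the one this block makes visible: did the value appended to the command pass through escapeshellarg() or an equivalent, or was it concatenated as in buildCommandUnsafe()?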

Revision 8c382831 (diff)
Added by Oliver Hader 8 months ago

[BUGFIX] Harden CommandUtility invocations

In order to harden CommandUtility API, arguments used for invoking
system commands are escaped in addition. Since no insecure usages
have been identified in the TYPO3 core nor in public third party
extensions, this change is handled using a public workflow.

In order to evaluate whether third party extensions open a
potential attack vector, usages of CommandUtility::checkCommand(),
CommandUtility::getCommand() and the registration of custom services
($GLOBALS['T3_SERVICES']) concerning their 'exec' argument have to
be checked.

Resolves: #87450
Releases: master, 9.5, 8.7
Security-Advisory: TYPO3-PSA-2019-001
Change-Id: If4f2a63045ac7b2473881992f9731a635a768d37
Reviewed-on: https://review.typo3.org/59471
Tested-by: TYPO3com <>
Reviewed-by: Oliver Hader <>
Tested-by: Oliver Hader <>

Revision 5e7476a6 (diff)
Added by Oliver Hader 8 months ago

[BUGFIX] Harden CommandUtility invocations

In order to harden CommandUtility API, arguments used for invoking
system commands are escaped in addition. Since no insecure usages
have been identified in the TYPO3 core nor in public third party
extensions, this change is handled using a public workflow.

In order to evaluate whether third party extensions open a
potential attack vector, usages of CommandUtility::checkCommand(),
CommandUtility::getCommand() and the registration of custom services
($GLOBALS['T3_SERVICES']) concerning their 'exec' argument have to
be checked.

Resolves: #87450
Releases: master, 9.5, 8.7
Security-Advisory: TYPO3-PSA-2019-001
Change-Id: If4f2a63045ac7b2473881992f9731a635a768d37
Reviewed-on: https://review.typo3.org/59472
Tested-by: TYPO3com <>
Reviewed-by: Oliver Hader <>
Tested-by: Oliver Hader <>

History

#1 Updated by Gerrit Code Review 8 months ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/59448

#3 Updated by Gerrit Code Review 8 months ago

Patch set 1 for branch 9.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/59471

#4 Updated by Oliver Hader 8 months ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100

#5 Updated by Gerrit Code Review 8 months ago

  • Status changed from Resolved to Under Review

Patch set 1 for branch TYPO3_8-7 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/59472

#6 Updated by Oliver Hader 8 months ago

  • Status changed from Under Review to Resolved

#7 Updated by Benni Mack 4 months ago

  • Status changed from Resolved to Closed
