Werk #7631

Titel.sh files are not executed by fcgid anymore
Datum2017-02-14 13:56:30
Check_MK EditionCheck_MK Raw Edition (CRE)
Check_MK Version1.2.8p18
Level1 - Triviale Änderung
KlasseSecurity Fix
KompatibilitätCompatible - no manual interaction needed

When a authenticated user can place files with the extension ".sh" on the system and access it via the sites apache, the .sh file was executed in the context of the sites user account.

This has been an issue in OMD for a long time. The issue was existant in 1.2.8 till this fix. In the 1.4.0 branch it has already been fixed on 2016-05-06.