Topic on User talk:Peachey88

Jump to navigation Jump to search
Sigbert (talkcontribs)

Hi, I would like to know what was the security issues with the extension. Can you tell me what the problems was or where I can look for it? Thanks --Sigbert (talk) 15:13, 4 December 2013 (UTC)

Jan Steinman (talkcontribs)

I've done some digging, and it appears that it could allow arbitrary shell commands to be executed, such as "rm -rf".

It's a shame this got deleted instead of fixed. They did the same thing to the SQL2Wiki extension that I use extensively, in a safe manner. Why does "momma wiki" think we need protection from ourselves? Wasn't the stern warning at the top of these extensions enough?

Peachey88 (talkcontribs)

Because you would think people pay attention when there is a security warning, But like most extension repositories people don't.

If someone was wanting to fix it, They can (I will even un-delete or give them the code sources), But when they were deleted they had the warnings for 12+ months with no action on it.

Sigbert (talkcontribs)

Thanks for the info. Actually I'am not interested to access the code (except maybe for study purposes :), but I'am thinking about adding access to Gnuplot to my Extension:R. If it is just shell access via the tickmarks then I have similar problem in R and octave too. The solution there could be applied for Gnuplot as well.

Reply to "Extension:Gnuplot"