-
Notifications
You must be signed in to change notification settings - Fork 92
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WARN when configuring UploadListenerService #661
Comments
The same config is being used for https://github.com/Netcentric/accesscontroltool/blob/develop/docs/ApplyConfig.md#startup-hook, though. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently the
UploadListenerService
can be configured for arbitrary paths. Whenever some YAML is then placed in those paths, they are automatically executed with the service user (which is having lots of permissions).As this can easily lead to situations with privilege escalation (i.e. users can grant themselves or others permissions, even if they should not by just placing a YAML file in a certain directory)
Therefore the listener shouldn't be used in most of the cases and using it should lead to a WARN. Preferably only install hooks or JMX (which require admin permissions) should be used for installing YAMLs.
The text was updated successfully, but these errors were encountered: