Menu
▾
▴
Re: [Netatalk-admins] Request for Comment: Deprecate afprun functionality
|
From: Daniel M. <da...@mi...> - 2023-11-10 11:01:42
|
Hi Gregory, Thank you for the feedback! Do you have a concrete idea of how it can be implemented differently? It would be interesting to know the specific use cases that existed at the time this functionality was introduced, if someone in the crowd here recalls... Anyhow, since I haven't heard any voices in opposition, I will keep the removal of afprun on the roadmap for the next feature releases of netatalk. Cheers, Daniel On Sunday, October 22nd, 2023 at 7:18 AM, Gregory Carter <gjc...@gm...> wrote: > Yes and I think that functionality if required should have an updated implementation. > > On Sat, Oct 21, 2023 at 5:04 AM Daniel Markstedt <da...@mi...> wrote: > >> Dear Netatalk users, >> >> To continue with our mission to make Netatalk safer and more maintainable, I would like to propose removing "afprun" functionality from the next point release of Netatalk (3.2.0). >> >> Ticket for tracking: https://github.com/Netatalk/netatalk/issues/550 >> >> What this means, is that the following options will be removed: >> >> - preexec >> - root preexec >> >> - postexec >> - root postexec >> - preexec close >> - root preexec close >> - stat vol >> >> This code constitutes a major opportunity to run arbitrary shell commands (with root privileges) on the host, with all sorts of security implication. >> >> Do you have deployments of Netatalk that rely on the above? >> If so, we would love to know more about your use case! >> >> Thank you! >> >> Daniel >> >> _______________________________________________ >> Netatalk-admins mailing list >> Net...@li... >> https://lists.sourceforge.net/lists/listinfo/netatalk-admins |
