From 0b594cd3330366e8cb49c08dcc17ca92bbb8ddfb Mon Sep 17 00:00:00 2001 From: jvoisin Date: Fri, 23 Nov 2018 21:54:55 +0100 Subject: Document a bit more the threat model --- doc/source/features.rst | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'doc/source/features.rst') diff --git a/doc/source/features.rst b/doc/source/features.rst index 540e982..dd35e2b 100644 --- a/doc/source/features.rst +++ b/doc/source/features.rst @@ -24,6 +24,7 @@ Unfortunately, passing user-controlled parameters to it often leads to arbitrary We're mitigating it by filtering the ``$``, ``|``, ``;``, `````, ``\n`` and ``&`` chars in our default configuration, making it a lot harder for an attacker to inject arbitrary commands. +This feature is even more effective when used along with :ref:`readonly_exec `. Examples of related vulnerabilities @@ -33,7 +34,7 @@ Examples of related vulnerabilities - `CVE-2014-4688 `_: Authenticated remote code execution on pfSense - `CVE-2014-1610 `_: Unauthenticated remote code execution on DokuWiki - `CVE-2013-3630 `_: Authenticated remote code execution on Moodle -- Every single shitty `modem/router/switch/IoT `_. +- Every single `modem/router/switch/IoT/… `_. ``mail``-related injections @@ -51,6 +52,7 @@ often meaning an arbitrary code execution. --- `The PHP documentation about mail `_ We're killing it by preventing any extra options in ``additional_parameters``. +This feature is even more effective when used along with :ref:`readonly_exec `. Examples of related vulnerabilities @@ -76,7 +78,7 @@ if you're planning to use it. This feature is roughly the same than the `Suhosin one `_. -Having a secret server-side key will prevent anyone (even the user himself) +Having a secret server-side key will prevent anyone (even the user) from reading the content of the cookie, reducing the impact of an application storing sensitive data client-side. -- cgit v1.3
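Review bot: In the first hunk (@@ -24,6 +24,7 @@, the command-injection section), the added sentence "This feature is even more effective when used along with :ref:`readonly_exec `." gives no reason, which is the one thing a threat-model note needs. The preceding context only claims that the character filter makes injection "a lot harder", so something remains possible after filtering. Say in one clause what that remainder is and what readonly_exec does about it, rather than leaving the reader to follow the reference to find out.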
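Review bot: In the third hunk (@@ -51,6 +52,7 @@, the mail section), the new line sits directly after "We're killing it by preventing any extra options in ``additional_parameters``." and the two sentences pull in different directions: "killing it" reads as complete mitigation, while "even more effective when used along with" implies there is still something left to mitigate. Either soften the first sentence or state what case remains when extra options are blocked. It would also help to replace "This feature" with the feature's name, since the paragraph has just quoted the PHP documentation and the referent is not obvious.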
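Review bot: In the last hunk (@@ -76,7 +78,7 @@, the cookie paragraph), the reworded sentence still describes only confidentiality: the secret key prevents anyone "from reading the content of the cookie". Since this commit is about documenting the threat model, say explicitly whether a client modifying the cookie is in scope or not. While this paragraph is being touched, the context line "roughly the same than the Suhosin one" should read "roughly the same as the Suhosin one".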