Forum OpenACS Q&A: Re: RFC: Security policy for OpenACS (Security hole in OpenACS 5.1!)


	The Toolkit for Online Communities 15939 Community Members, 0 members online, 2358 visitors today			Log In	Register

Forum OpenACS Q&A: Re: RFC: Security policy for OpenACS (Security hole in OpenACS 5.1!)

OpenACS Home : Forums : OpenACS Q&A : Re: RFC: Security policy for OpenACS (Security hole in OpenACS 5.1!) : One Message

Back to OpenACS Q&A

8: Re: RFC: Security policy for OpenACS (Security hole in OpenACS 5.1!) (response to 1)

Posted by Ola Hansson on 05/28/04 07:40 PM

Tom, Jeff explained it here: http://openacs.org/forums/message-view?message_id=182057

Once someone has an admin account on OpenACS he could install acs-developer-support and and execute code via the its tcl shell feature.

This is not restricted to just 5.1, I believe...

23: Re: RFC: Security policy for OpenACS (Security hole in OpenACS 5.1!) (response to 8)

Posted by Steve Manning on 05/29/04 03:49 PM

>
>Once someone has an admin account on OpenACS he could install acs-developer-support and and execute code via the its tcl shell feature.
>

If acs-developer-support is such a powerful tool why make it available for install from the repository? Atleast if it was a local install only you would need access to the local file system before being able to install it.

- Steve

Back to OpenACS Q&A