Strict validation of PATH when running as root in case it could contain potentially unsafe binaries
This commit is contained in:
parent
205c419a7a
commit
a0914e1369
GPG key ID:
03906B4110AAD3B8
3 changed files with 109 additions and 0 deletions
|
|
@ -13,6 +13,8 @@
|
|||
* Add support for detecting Flatpaks and Snaps.
|
||||
* Stricter validation of harvests to ensure that they meet the schema and don't contain unsafe artifacts (e.g symlinks pointing outside the artifact tree)
|
||||
* Perform harvest validation before trying to manifest from it.
|
||||
* Stricter validation on FQDN name in multisite mode.
|
||||
* Strict check of `$PATH` when running harvest as root, in case it could lead to execution of unsafe binaries during harvest. Override with `--assume-safe-path` for non-interactive or CI purposes.
|
||||
|
||||
# 0.6.0
|
||||
|
||||
|
|
|
|||
Reference in a new issue