Security issue
Andreas Ericsson
ae at op5.se
Thu Nov 6 17:18:04 CET 2008
Andreas Ericsson wrote:
> Jim Perrin wrote:
>> On Thu, Nov 6, 2008 at 6:45 AM, Andreas Ericsson <ae at op5.se> wrote:
>>
>>> Hope that clears things up a bit.
>> Thanks for the rather thorough layman's explanation of this. Is there
>> an estimate for when these fixes will be rolled into the stable tree
>> for nagios?
>>
>
> In-form session token support was completed about five minutes ago. I'm
> doing some basic testing right now and will push this to my git repo at
> git://git.op5.org (as 'csrf' branch).
Pushed, along with all the discovered breakages when submitting commands
to Nagios (they're in the same branch). Please try it out. It should stash
session data in /tmp/.ncgi-form-session-tokens/<SHA1>, but will try to
create the folder if it doesn't exist.
For those that want an instant snapshot to play with that includes the
fixes, here's the link:
http://git.op5.org/git/?p=nagios.git;a=snapshot;h=0cbb25652a9cb7c3d7b1b56920f2df9281ebc947;sf=tgz
Note that it's created directly from the git repository and will unpack
to a directory named 0cbb25652a9cb7c3d7b1b56920f2df9281ebc947. It can be
compiled and installed as usual though.
Please report any breakages here on nagios-devel@ and try to avoid double-
postings. Thanks.
--
Andreas Ericsson andreas.ericsson at op5.se
OP5 AB www.op5.se
Tel: +46 8-230225 Fax: +46 8-230231
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
More information about the Developers
mailing list