$wgExternalDiffEngine should have shell restrictions
Closed, Resolved (Public)


It appears that people can use any binary they want here, so I'm not exactly sure how well we can restrict this. But see for what needs to happen.

Event Timeline

Legoktm triaged this task as Medium priority. Dec 13 2017, 2:31 AM
Legoktm created this task.

I noticed this committed change, which modifies related code but is not associated with this issue. It appears to set access restrictions for the external diff engine, via CommandFactory::create() in CommandFactory.php. (This is the code that ultimately gets called when the external diff engine is invoked.)

Is there more to do here, or has the goal already been accomplished?

Yes, command execution is protected by default if it uses new APIs (as opposed to wfShellExec()), so unless the defaults (NO_ROOT | SECCOMP | PRIVATE_DEV | NO_LOCALSETTINGS) need tweaking this can be closed.