ADC command security issue

124 views
Skip to first unread message

Sitaram Chamarty

unread,
Feb 16, 2011, 5:06:51 AM2/16/11
to gito...@googlegroups.com
Hello all,

Dylan Simon found a security hole in the ADC system. If
you're using ADCs (admin-defined commands), you need to use
one of the 2 patch files attached and update asap.

If you're not using ADCs this does not affect you. [Note:
the setperms/getperms commands are not ADCs; if that is all
you're using you should be fine. ADC's are enabled by
setting GL_ADC_PATH in the rc file.]

Please ugrade to v1.5.9.1 if you're on "master" or the
latest "pu" if you're on "pu".

My sincere apologies for missing this, and thanks once again
to Dylan for catching it and reporting it.

regards,

sitaram

Sitaram Chamarty

unread,
Feb 16, 2011, 7:14:05 AM2/16/11
to gito...@googlegroups.com
minor correction:

On Wed, Feb 16, 2011 at 03:36:51PM +0530, Sitaram Chamarty wrote:
> Hello all,
>
> Dylan Simon found a security hole in the ADC system. If
> you're using ADCs (admin-defined commands), you need to use
> one of the 2 patch files attached and update asap.

There is no patch file; sorry. Just get the latest commits
for master or pu from github as needed.

> If you're not using ADCs this does not affect you. [Note:
> the setperms/getperms commands are not ADCs; if that is all
> you're using you should be fine. ADC's are enabled by
> setting GL_ADC_PATH in the rc file.]
>
> Please ugrade to v1.5.9.1 if you're on "master" or the
> latest "pu" if you're on "pu".

this is correct

Reply all
Reply to author
Forward
0 new messages