[TYPO3-core] RFC: #11368: ENABLE_INSTALL_TOOL file should be ignored if older than one hour

Marcus Krause marcus#exp2009 at t3sec.info
Mon Jun 22 08:54:29 CEST 2009


Lars Houmark wrote on 06/21/2009 11:10 PM:
> On 2009-06-21 14:09:16 -0500, bernd wilke <x00nsji02 at sneakemail.com> said:
> 
>> I think this would break security. In case someone gets access to an
>> admin account, he can use the Install Tool at once (just one click).
>> At the moment you need separate access to the webspace to create this file,
>> which means additional security.
>> I know how to create this lock file from the BE with admin access, but it is
>> not done within a minute.
> 
> In reply to both you and Xavier.
> 
> This has been discussed thoroughly in the security team. Below is what
> came out of the discussion.

You might remember that I was against the button. And I was and still am
of the same opinion as Bernd: one minute might be sufficient to notice a
breach in the Backend and to shut down the system before the attacker is
able to compromise the complete system.

What I read in this RFC is that there's a consensus on the automatic
deletion. It definitely improves security.

A button would again reduce security.


That's why I'd like to see two different RFCs and voting. This one for
automatic deletion only (with keep alive).

And another one for the button in the backend that allows creation of
the ENABLE_INSTALL_TOOL file.


Thanks,
Marcus.

-- 
TYPO3 Security blog: http://secure.t3sec.info/
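The "automatic deletion (with keep alive)" mechanism the RFC proposes, as an added illustration that is not TYPO3's own code and not part of this thread: a lock file is honoured only while its mtime is within a one-hour window, a stale file is removed instead of being trusted, and an active session extends the window by touching the file. It is written in Python rather than TYPO3's PHP so it can be run as-is; the file name, the 3600-second window, the choice of mtime as the timer, and the rule that keep-alive must never re-create an expired file are assumptions of this example.

```python
import os
import time
from typing import Optional

# Assumed window: the RFC in this thread proposes ignoring ENABLE_INSTALL_TOOL
# once it is older than one hour (3600 s). Example code, not TYPO3's.
MAX_AGE_SECONDS = 3600


def install_tool_enabled(lock_path: str, now: Optional[float] = None,
                         max_age: int = MAX_AGE_SECONDS) -> bool:
    """Return True only if the lock file exists and was touched within max_age.

    A stale file is deleted on sight, so a forgotten ENABLE_INSTALL_TOOL does
    not leave the Install Tool permanently reachable to anyone who later gains
    an admin login.
    """
    now = time.time() if now is None else now
    try:
        mtime = os.stat(lock_path).st_mtime
    except FileNotFoundError:
        return False
    if now - mtime > max_age:
        # Automatic deletion: the one-hour window has expired.
        try:
            os.remove(lock_path)
        except FileNotFoundError:
            pass
        return False
    return True


def keep_alive(lock_path: str, now: Optional[float] = None) -> bool:
    """Refresh the lock file's mtime while an Install Tool session is active.

    Only an existing, still-valid file is refreshed (assumed rule): keep-alive
    must never resurrect a file that has already expired or been removed,
    otherwise the window would be unbounded again.
    """
    now = time.time() if now is None else now
    if not install_tool_enabled(lock_path, now):
        return False
    os.utime(lock_path, (now, now))
    return True


def run_scenario() -> dict:
    """Exercise the check against a temporary lock file with a simulated clock.

    The timestamps are constructed for the example; nothing here touches a
    real TYPO3 installation.
    """
    import tempfile
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "ENABLE_INSTALL_TOOL")
    t0 = 1_000_000.0  # constructed reference time
    results = {}
    results["missing"] = install_tool_enabled(path, now=t0)
    open(path, "w").close()
    os.utime(path, (t0, t0))
    results["fresh"] = install_tool_enabled(path, now=t0 + 1800)
    results["kept_alive"] = keep_alive(path, now=t0 + 3500)
    # 3500 s after the keep-alive: still inside the refreshed window.
    results["after_keep_alive"] = install_tool_enabled(path, now=t0 + 3500 + 3500)
    # 3601 s after the keep-alive: window expired, file must be gone.
    results["stale"] = install_tool_enabled(path, now=t0 + 3500 + 3601)
    results["stale_removed"] = not os.path.exists(path)
    results["keep_alive_after_expiry"] = keep_alive(path, now=t0 + 9000)
    os.rmdir(workdir)
    return results


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value}")
```

The point Bernd and Marcus argue over is visible in the last two checks: once the window has lapsed, neither a login nor a keep-alive request brings the file back, so re-enabling the Install Tool still requires separate filesystem access.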


More information about the TYPO3-team-core mailing list