[TYPO3-core] RFC: #11368: ENABLE_INSTALL_TOOL file should be ignored if older than one hour
Lars Houmark
lars at typo3.org
Sun Jun 21 23:10:05 CEST 2009
On 2009-06-21 14:09:16 -0500, bernd wilke <x00nsji02 at sneakemail.com> said:
> I think this would break security. In case someone gets access to an
> admin-account he can use install-tool at once (just one click).
> At the moment you need another access to webspace to create this file,
> which means additional security.
> I know how to create this lock-file from BE with admin-access, but it is
> not done within a minute.
In reply to both you and Xavier.
This has been discussed thoroughly in the security team. Below is what
came out of the discussion.
In the case you somehow gained admin access to a website, there are
plenty of ways to create this file. There are extensions in the TER
that can help you, and creating an extension that has this one
objective is a fast job, and it can be re-used over and over.
The point is this: for an evil person who does not yet have admin access,
but wants to get it, the install tool is the prime goal. Having the
lock file is the first thick locked door you need to get through.
Unless it is open all the time :/
So it is indeed very important that this file is not available all the
time and to achieve that, the file should be auto-deleted.
Making it possible to create the file directly in the backend may seem
like a breach, but this is not the opinion of the security team, which
as I wrote above, has been discussing this thoroughly recently.
+1 for adding it with the "keep-alive" method of touching the file
when using the install tool.
I will not recommend the following approach, but if you feel that this
is bad for your local development installation, create an extension
that somehow creates this file - for the rest of us, TYPO3 will now be
more secure and fewer sites will be hacked through the install tool.
--
Lars Houmark
Member of the TYPO3 Security Team
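Added example, not part of the original message and not TYPO3 core code: a sketch of the behaviour discussed in this thread, where the ENABLE_INSTALL_TOOL file is ignored and deleted once older than one hour and touched as a keep-alive while the install tool is in use. The function name, constant, temporary path and timestamps are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Assumed name; the one-hour lifetime comes from the RFC title.
const INSTALL_TOOL_LIFETIME = 3600;

/**
 * Returns true only while the flag file exists and is younger than the
 * lifetime. A stale file is deleted; a fresh one is touched (keep-alive).
 * Hypothetical helper, not the function used by TYPO3.
 */
function installToolEnabled(string $flagFile, ?int $now = null): bool
{
    $now = $now ?? time();
    clearstatcache(true, $flagFile);
    // Refuse symlinks so touch()/unlink() cannot be redirected to another file.
    if (is_link($flagFile) || !is_file($flagFile)) {
        return false;
    }
    $mtime = filemtime($flagFile);
    $age = ($mtime === false) ? PHP_INT_MAX : $now - $mtime;
    // Fail closed: an unreadable, future-dated or expired file counts as stale.
    if ($age < 0 || $age > INSTALL_TOOL_LIFETIME) {
        @unlink($flagFile); // the door is closed even if deletion fails
        return false;
    }
    // Keep-alive: each use restarts the one-hour window.
    touch($flagFile, $now);
    return true;
}

// Demonstration on a constructed flag file in a private temp directory.
$dir = sys_get_temp_dir() . '/install_tool_demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
$flag = $dir . '/ENABLE_INSTALL_TOOL';
$t0 = 1245618605; // constructed timestamp

touch($flag, $t0);
var_dump(installToolEnabled($flag, $t0 + 3000)); // within the hour; mtime refreshed
var_dump(installToolEnabled($flag, $t0 + 6000)); // 3000 s after the last use
var_dump(installToolEnabled($flag, $t0 + 9601)); // 3601 s after the last use
var_dump(file_exists($flag));                    // whether the stale file was removed
rmdir($dir);
```

Because the function fails closed before attempting deletion, a flag file that cannot be removed (for example due to file permissions) still does not open the install tool.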