Facebook
Twitter
Hi there,
because of a mistake on my side, I discovered something that I think is weird; I don't know however if it should be considered as a bug...
Here comes the "header":
=====================
PRODUCT, VERSION, MICROUPDATE, OPERATING SYSTEM, ARCHITECTURE
Plesk Panel 11.5.30 Update #51, Ubuntu 12.04.5 LTS, Kernel 2.6.32, x64
PROBLEM DESCRIPTION
SSL-Certificate Upload-Page will display some "system" files when uploading a symbolic link
STEPS TO REPRODUCE
1) Create a symbolic link "file" to an interesting system file, e.g. "/etc/passwd"
2) Got to Domains->Secure your Site->Add SSL-Certificate
3) Upload the file as Certificate and Private key
4) Ignore the complaint about wrong formatted PEM-File
5) Read the contents of "/etc/passwd" in the Textbox below
ACTUAL RESULT
System file is displayed on the web
EXPECTED RESULT
Error message saying "no symbolic links allowed"
=====================
Fortunately Plesk doesn't run as root, so most really important files should be safe.
As I said, I don't know if this is really problematic, however I still think is should be changed.
Thank you very much in advance,
Alex
because of a mistake on my side, I discovered something that I think is weird; I don't know however if it should be considered as a bug...
Here comes the "header":
=====================
PRODUCT, VERSION, MICROUPDATE, OPERATING SYSTEM, ARCHITECTURE
Plesk Panel 11.5.30 Update #51, Ubuntu 12.04.5 LTS, Kernel 2.6.32, x64
PROBLEM DESCRIPTION
SSL-Certificate Upload-Page will display some "system" files when uploading a symbolic link
STEPS TO REPRODUCE
1) Create a symbolic link "file" to an interesting system file, e.g. "/etc/passwd"
2) Got to Domains->Secure your Site->Add SSL-Certificate
3) Upload the file as Certificate and Private key
4) Ignore the complaint about wrong formatted PEM-File
5) Read the contents of "/etc/passwd" in the Textbox below
ACTUAL RESULT
System file is displayed on the web
EXPECTED RESULT
Error message saying "no symbolic links allowed"
=====================
Fortunately Plesk doesn't run as root, so most really important files should be safe.
As I said, I don't know if this is really problematic, however I still think is should be changed.
Thank you very much in advance,
Alex
