TWiki WebNTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.
ntp-4.2.8p15was released on 23 June 2020. It addresses 1 medium-severity security issue in ntpd, and provides 13 non-security bugfixes over 4.2.8p13.
Please see the NTP Security Notice for vulnerability and mitigation details.Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.
Package TWiki::Sandbox
This object provides an interface to the outside world. All calls to
system functions, or handling of file names, should be brokered by
this object.
On this page:
ClassMethod new ($os,$realOS)
Construct a new sandbox suitable for $os, setting flags for platform features that help. $realOS distinguishes Perl variants on platforms such as Windows.StaticMethod untaintUnchecked ($string) -> $untainted
Untaints $string without any checks (dangerous). If $string is undefined, return undef. The intent is to use this routine to be able to find all untainting places using grep.StaticMethod normalizeFileName ($string) -> $filename
Errors out if $string contains filtered characters. The returned string is not tainted, but it may contain shell metacharacters and even control characters.StaticMethod sanitizeAttachmentName ($fname) -> ($fileName,$origName)
Given a file name received in a query parameter, sanitise it. Returns the sanitised name together with the basename before sanitisation. Sanitisation includes filtering illegal characters and mapping client file names to legal server names.ObjectMethod sysCommand ($template,@params) -> ($data,$exit)
Invokes the program described by $template and @params, and returns the output of the program and an exit code. STDOUT is returned. STDERR is THROWN AWAY. The caller has to ensure that the invoked program does not react in a harmful way to the passed arguments. sysCommand merely ensures that the shell does not interpret any of the passed arguments.
TWiki Web
Users
Groups
Index
Search
Changes
Notifications
RSS Feed
Statistics
Preferences
 |
|
Copyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding NTP? Send feedback
Note: Please contribute updates to this topic on TWiki.org at TWiki:TWiki.TWikiSandboxDotPm