Updated by Jens Ulferts about 11 years ago
<ins>Problem</ins>
When repositories of type filesystem are activated in an OpenProject installation, users with the permission to manage repositories can configure the repository in their project in such a way that they can see all contents of the filesystem the OpenProject installation is running on. This is only limited by the file permissions the OS user running the OpenProject installation has on the filesystem. This circumvents all privacy mechanisms (e.g. memberships) OpenProject enforces.
The problem occurs because there is no limitation on the path a user can specify as the root of the repository. A user can therefore specify paths such as “/”.
<ins>Solution</ins>
Patched versions of OpenProject require the folders accessible to filesystem-based repositories to be specified explicitly. This is done in configuration.yml and therefore requires permission (console access) on the filesystem itself. From then on, only whitelisted paths can be used as the path to a filesystem-based repository. If no directory is whitelisted, the option to activate filesystem-based repositories is deactivated. Existing filesystem repositories whose path is not whitelisted are disabled and will only become enabled again once they are whitelisted.
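The kind of path check this solution calls for, as an added Ruby example that is not OpenProject's own code: the helper names `resolve_dir` and `repository_path_allowed?`, the whitelist passed in as an array, and the directory tree are constructed for illustration. It assumes a whitelisted directory also permits the directories beneath it, which the description above does not state.

```ruby
require 'pathname'
require 'tmpdir'
require 'fileutils'

# Canonicalise a path: follow symlinks, collapse "..", require an existing directory.
def resolve_dir(path)
  return nil if path.to_s.empty?
  real = Pathname.new(path.to_s).realpath
  real.directory? ? real : nil
rescue SystemCallError, ArgumentError
  nil
end

# Hypothetical check (not OpenProject's code). Assumption: a whitelisted
# directory also permits the directories beneath it.
def repository_path_allowed?(candidate, whitelist)
  roots = Array(whitelist).map { |dir| resolve_dir(dir) }.compact
  return false if roots.empty?          # nothing whitelisted: feature stays off
  target = resolve_dir(candidate)
  return false if target.nil?
  # Compare whole path components, never string prefixes.
  target.ascend.any? { |ancestor| roots.include?(ancestor) }
end

# Constructed sample tree, evaluated against a one-entry whitelist.
def demo
  Dir.mktmpdir do |base|
    %w[repos/project_a repos_old private].each { |d| FileUtils.mkdir_p(File.join(base, d)) }
    File.symlink(File.join(base, 'private'), File.join(base, 'repos', 'link'))
    whitelist = [File.join(base, 'repos')]
    {
      'repos/project_a'  => repository_path_allowed?(File.join(base, 'repos/project_a'), whitelist),
      '/'                => repository_path_allowed?('/', whitelist),
      'repos/../private' => repository_path_allowed?(File.join(base, 'repos/../private'), whitelist),
      'repos/link'       => repository_path_allowed?(File.join(base, 'repos/link'), whitelist),
      'repos_old'        => repository_path_allowed?(File.join(base, 'repos_old'), whitelist),
      'empty whitelist'  => repository_path_allowed?(File.join(base, 'repos/project_a'), [])
    }
  end
end

demo.each { |path, ok| puts format('%-18s %s', path, ok ? 'allowed' : 'rejected') }
```

Resolving the path before comparing is what makes the `..` and symlink cases fail, and comparing path components rather than string prefixes is what keeps `repos_old` from matching a whitelist entry of `repos`.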
<ins>Affected versions</ins>
- 3.x
- 4.x