Page MenuHomePhabricator
Differential D16958

Use HTTPS, not HTTP, in install scripts
ClosedPublic
Actions

Authored by epriestley on Nov 29 2016, 1:29 PM.
Tags
None
Referenced Files
F14708385: D16958.diff
Fri, Jan 17, 10:19 AM
Unknown Object (File)
Fri, Jan 3, 3:08 AM
Unknown Object (File)
Fri, Jan 3, 12:49 AM
Unknown Object (File)
Wed, Jan 1, 3:43 PM
Unknown Object (File)
Mon, Dec 30, 12:26 PM
Unknown Object (File)
Tue, Dec 24, 2:55 AM
Unknown Object (File)
Sun, Dec 22, 1:16 AM
Unknown Object (File)
Dec 17 2024, 8:20 AM
View All Files
Subscribers
None

Details

Reviewers
chad
Commits
rP2d7abfd9fa9a: Use HTTPS, not HTTP, in install scripts
Summary

Via HackerOne. A researcher correctly reports that our install scripts use HTTP, not HTTPS, to fetch resources and execute them as root, which is a potentially significant vulnerability.

Instead, use HTTPS.

Test Plan

Verified that these URIs function correctly over HTTPS.

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

epriestley updated this revision to Diff 40812.Nov 29 2016, 1:29 PM
epriestley retitled this revision from to Use HTTPS, not HTTP, in install scripts.
epriestley updated this object.
epriestley edited the test plan for this revision. (Show Details)
epriestley added a reviewer: chad.
chad accepted this revision.Nov 29 2016, 2:37 PM
chad edited edge metadata.
This revision is now accepted and ready to land.Nov 29 2016, 2:37 PM
Closed by commit rP2d7abfd9fa9a: Use HTTPS, not HTTP, in install scripts (authored by epriestley, committed by epriestley). · Explain WhyNov 29 2016, 8:11 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
scripts/
install/
4 lines

Diff 40818

View Options

scripts/install/install_rhel-derivs.sh

Loading...
Phabricator · Built by Phacility