Paths

Table of Contentst

Use HTTPS, not HTTP, in install scripts
ClosedPublic
Actions

Authored by epriestley on Nov 29 2016, 1:29 PM.

Tags

None

Referenced Files

	F14057869: D16958.diff
	Sun, Nov 17, 7:31 AM

	F14027209: D16958.id40812.diff
	Fri, Nov 8, 5:56 AM

	F14027154: D16958.id40818.diff
	Fri, Nov 8, 5:39 AM

	F14008960: D16958.diff
	Wed, Oct 30, 8:16 AM

	F14000373: D16958.diff
	Thu, Oct 24, 9:26 PM

	F13985263: D16958.diff
	Sun, Oct 20, 7:14 PM

	Unknown Object (File)
	Oct 10 2024, 5:16 PM

	Unknown Object (File)
	Sep 18 2024, 9:41 AM

View All Files

Subscribers

None

Details

Reviewers

chad

Commits

rP2d7abfd9fa9a: Use HTTPS, not HTTP, in install scripts

Summary

Via HackerOne. A researcher correctly reports that our install scripts use HTTP, not HTTPS, to fetch resources and execute them as root, which is a potentially significant vulnerability.

Instead, use HTTPS.

Test Plan

Verified that these URIs function correctly over HTTPS.

Diff Detail

Repository

rP Phabricator

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

epriestley updated this revision to Diff 40812.Nov 29 2016, 1:29 PM

epriestley retitled this revision from to Use HTTPS, not HTTP, in install scripts.

epriestley updated this object.

epriestley edited the test plan for this revision. (Show Details)

epriestley added a reviewer: chad.

chad accepted this revision.Nov 29 2016, 2:37 PM

chad edited edge metadata.

This revision is now accepted and ready to land.Nov 29 2016, 2:37 PM

Closed by commit rP2d7abfd9fa9a: Use HTTPS, not HTTP, in install scripts (authored by epriestley, committed by epriestley). · Explain WhyNov 29 2016, 8:11 PM

This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

Path

Size

scripts/

install/

install_rhel-derivs.sh

4 lines

Diff 40818

View Options

scripts/install/install_rhel-derivs.sh

Use HTTPS, not HTTP, in install scriptsClosedPublicActions