Paths

Table of Contentst

Use HTTPS, not HTTP, in install scripts
ClosedPublic
Actions

Authored by epriestley on Nov 29 2016, 1:29 PM.

Tags

None

Referenced Files

	F15491923: D16958.id40812.diff
	Sat, Apr 12, 8:57 AM

	F15488213: D16958.id40818.diff
	Thu, Apr 10, 8:22 PM

	F15481117: D16958.id.diff
	Tue, Apr 8, 6:18 PM

	F15477615: D16958.diff
	Mon, Apr 7, 4:37 PM

	F15446631: D16958.id40818.diff
	Thu, Mar 27, 7:39 PM

	F15446630: D16958.id40812.diff
	Thu, Mar 27, 7:39 PM

	F15442525: D16958.id.diff
	Wed, Mar 26, 11:46 PM

	F15441562: D16958.diff
	Wed, Mar 26, 6:48 PM

View All Files

Subscribers

None

Details

Reviewers

chad

Commits

rP2d7abfd9fa9a: Use HTTPS, not HTTP, in install scripts

Summary

Via HackerOne. A researcher correctly reports that our install scripts use HTTP, not HTTPS, to fetch resources and execute them as root, which is a potentially significant vulnerability.

Instead, use HTTPS.

Test Plan

Verified that these URIs function correctly over HTTPS.

Diff Detail

Repository

rP Phabricator

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

epriestley updated this revision to Diff 40812.Nov 29 2016, 1:29 PM

epriestley retitled this revision from to Use HTTPS, not HTTP, in install scripts.

epriestley updated this object.

epriestley edited the test plan for this revision. (Show Details)

epriestley added a reviewer: chad.

chad accepted this revision.Nov 29 2016, 2:37 PM

chad edited edge metadata.

This revision is now accepted and ready to land.Nov 29 2016, 2:37 PM

Closed by commit rP2d7abfd9fa9a: Use HTTPS, not HTTP, in install scripts (authored by epriestley, committed by epriestley). · Explain WhyNov 29 2016, 8:11 PM

This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

Path

Size

scripts/

install/

install_rhel-derivs.sh

4 lines

Diff 40818

View Options

scripts/install/install_rhel-derivs.sh

Use HTTPS, not HTTP, in install scriptsClosedPublicActions