Page MenuHomePhabricator
Differential D16958

Use HTTPS, not HTTP, in install scripts
ClosedPublic
Actions

Authored by epriestley on Nov 29 2016, 1:29 PM.
Tags
None
Referenced Files
F19074042: D16958.diff
Dec 1 2025, 4:05 AM
F18890814: D16958.id40818.diff
Nov 7 2025, 9:58 AM
F18874385: D16958.id40818.diff
Nov 5 2025, 2:21 PM
F18870450: D16958.diff
Nov 4 2025, 5:29 PM
F18866769: D16958.id40818.diff
Nov 3 2025, 7:16 PM
F18854080: D16958.diff
Oct 31 2025, 9:33 PM
F18776896: D16958.id40812.diff
Oct 11 2025, 12:00 AM
F18753386: D16958.id.diff
Oct 4 2025, 6:32 PM
View All Files
Subscribers
None

Details

Reviewers
chad
Commits
rP2d7abfd9fa9a: Use HTTPS, not HTTP, in install scripts
Summary

Via HackerOne. A researcher correctly reports that our install scripts use HTTP, not HTTPS, to fetch resources and execute them as root, which is a potentially significant vulnerability.

Instead, use HTTPS.

Test Plan

Verified that these URIs function correctly over HTTPS.

Diff Detail

Repository
rP Phabricator
Branch
https1
Lint
Lint Warnings
SeverityLocationCodeMessage
Warningscripts/install/install_rhel-derivs.sh:70TXT3Line Too Long
Unit
No Test Coverage
Build Status
Buildable 14700
Build 19205: Run Core Tests
Build 19204: arc lint + arc unit

Event Timeline

epriestley updated this revision to Diff 40812.Nov 29 2016, 1:29 PM
epriestley retitled this revision from to Use HTTPS, not HTTP, in install scripts.
epriestley updated this object.
epriestley edited the test plan for this revision. (Show Details)
epriestley added a reviewer: chad.
chad accepted this revision.Nov 29 2016, 2:37 PM
chad edited edge metadata.
This revision is now accepted and ready to land.Nov 29 2016, 2:37 PM
Closed by commit rP2d7abfd9fa9a: Use HTTPS, not HTTP, in install scripts (authored by epriestley, committed by epriestley). · Explain WhyNov 29 2016, 8:11 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
scripts/
install/
4 lines

Diff 40812

View Options

scripts/install/install_rhel-derivs.sh

Loading...
Phabricator · Built by Phacility