Make script-based checks opt-in, like consul exec support #3087
Labels
theme/operator-usability
Replaces UX. Anything related to making things easier for the practitioner
type/enhancement
Proposed improvement or new feature
Comments
slackpad
added
type/enhancement
slackpad
added a commit
that referenced
this issue
Jul 17, 2017
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
As pointed out in http://www.kernelpicnic.net/2017/05/29/Pivoting-from-blind-SSRF-to-RCE-with-Hashicorp-Consul.html, and the resulting thread https://twitter.com/armon/status/869247551232385024, we should make enabling script checks opt-in given the power that's available there. With documentation we can tie enabling these into also enabling ACLs, which are already set up to prevent abuse if they are properly configured.
The text was updated successfully, but these errors were encountered: