Use HTTPS, not HTTP, in install scripts
2d7abfd9fa9aUnpublished
Actions

Unpublished Commit · Learn More

Repository Importing: This repository is still importing.

Description

Use HTTPS, not HTTP, in install scripts

Summary:
Via HackerOne. A researcher correctly reports that our install scripts use HTTP, not HTTPS, to fetch resources and execute them as root, which is a potentially significant vulnerability.

Instead, use HTTPS.

Test Plan: Verified that these URIs function correctly over HTTPS.

Reviewers: chad

Reviewed By: chad

Differential Revision: https://secure.phabricator.com/D16958

Details

Provenance

epriestley <git@epriestley.com>

Authored on Nov 29 2016, 2:25 PM

Parents

rPHABd1838fa5ec5e: Close lightbox when clicking on image-frame

Branches

Unknown

Tags

Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPHAB2d7abfd9fa9a: Use HTTPS, not HTTP, in install scripts (authored by epriestley <git@epriestley.com>).Nov 29 2016, 9:11 PM

Changes (1)

Path

Size

scripts/

install/

install_rhel-derivs.sh

rPHAB2d7abfd9fa9a

View Options

scripts/install/install_rhel-derivs.sh

Use HTTPS, not HTTP, in install scripts2d7abfd9fa9aUnpublishedActions