  #1  
Old 24th September 2010, 19:20
ivomendonca ivomendonca is offline
Banned
 
Join Date: Sep 2009
Posts: 132
Thanks: 10
Thanked 13 Times in 7 Posts
Default Plugin system with version upgrade.

Hello.
ISPConfig is now beta testing the new release that will prevent users from getting the ISPConfig password and hacking the entire cloud.

This should be treated as top priority as a plugin or engine release, not as a new version that needs ages to be tested.

It is not the first time that I say this, but ISPConfig is adding a lot of features but can't even respond to the gross bugs that are here for more than a year.

The problem in ISPConfig is not the test time, it is the theoretical study that does not exist or I can't see it anywhere.

Resuming, using an engine that can be updated (patched) in an easy way is the only way to stop the continuous nasty bug creation on all versions until now.

Last edited by ivomendonca; 24th September 2010 at 19:27.
  #2  
Old 24th September 2010, 19:47
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,704
Thanks: 819
Thanked 5,321 Times in 4,174 Posts
Default

I've never heard of the bug you are talking about. So I'm not sure where you added this, but it is definitely not in the bugtracker and has not been reported to dev [at] ispconfig [dot] org as all bugs get closed in a short time in ISPConfig.

For example as 3.0.2.2 was released, all known bugs in the bugtracker were fixed at that moment.

So if you think that you found a bug, please send a description to dev [at] ispconfig [dot] org or make a bugreport in the bugtracker.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
  #3  
Old 24th September 2010, 19:52
ivomendonca ivomendonca is offline
Banned
 
Join Date: Sep 2009
Posts: 132
Thanks: 10
Thanked 13 Times in 7 Posts
Default The bug was reported by a user in this forum

The bug was reported by a user and you said that it is resolved in this latest version (beta).
  #4  
Old 24th September 2010, 19:57
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,704
Thanks: 819
Thanked 5,321 Times in 4,174 Posts
Default

There had been no bug that allowed a user to hack the whole cloud. Otherwise we would have released a patch update for the 3.0.2.x series.

ISPConfig uses a version numbering scheme where the third number is for releases that introduce a lot of new features like 3.0.3 (beta) and the fourth number is for patch releases. So 3.0.2.2 is the second patch release for the 3.0.2 series and there had been no critical security bugs in that series, otherwise we would have released a 3.0.2.3 patch release.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
  #5  
Old 24th September 2010, 20:00
ivomendonca ivomendonca is offline
Banned
 
Join Date: Sep 2009
Posts: 132
Thanks: 10
Thanked 13 Times in 7 Posts
Default

What I have read is that for a client using a PHP script the password will appear in the array.

I can't see that anywhere now, maybe a bad dream.

And my propose is to make plugin updates to fix problems, not the entire system again.
  #6  
Old 24th September 2010, 20:06
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,704
Thanks: 819
Thanked 5,321 Times in 4,174 Posts
Default

Please post the exact thread you are referring to. I can assure you that all security related bugs get closed in a very short time. You can see that yourself in the bugtracker.

Also you should keep in mind that not everyone who is posting to this forum is a Linux or security pro, so not every post where someone thought he found a critical security issue is really a security problem, and some of these issues are also related to misconfigurations on a specific system and not even related to ISPConfig.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
  #7  
Old 24th September 2010, 20:09
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,704
Thanks: 819
Thanked 5,321 Times in 4,174 Posts
Default

Quote:
Resuming, using an engine that can be updated(patched) on a easy way is the only way to stop the continuous nasty bug creation on all versions until now.

One additional note to this sentence. Where do you have a problem with the ISPConfig update? It takes less than a minute and downloads all changes automatically. Just run:

ispconfig_update.sh

on the shell and the script will even inform you if your system is already up to date. Additionally, ISPConfig has a newsletter where you can subscribe yourself to get informed on updates by email.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
  #8  
Old 24th September 2010, 20:17
ivomendonca ivomendonca is offline
Banned
 
Join Date: Sep 2009
Posts: 132
Thanks: 10
Thanked 13 Times in 7 Posts
Default

Yes, I know how to update, I'm just saying that ISPConfig can use wget to update plugins with no need to go to ssh.

That's why I use the "propose" word.
  #9  
Old 24th September 2010, 20:31
ivomendonca ivomendonca is offline
Banned
 
Join Date: Sep 2009
Posts: 132
Thanks: 10
Thanked 13 Times in 7 Posts
Default

I did not try this, but if it can be done it will be like this.

Open http://yourdomain.com:8080

Place an index.php and make a var_dump.

See if the ISPConfig $_SESSION appears in your client site.
  #10  
Old 24th September 2010, 20:44
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,704
Thanks: 819
Thanked 5,321 Times in 4,174 Posts
 
Default

No client site has write access to these files.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.