530 – Restrict /packages POST to buildsystem host IP

Bug 530 - Restrict /packages POST to buildsystem host IP

Summary: Restrict /packages POST to buildsystem host IP

Status:	RESOLVED FIXED

Alias:	None

Product:	Websites
Classification:	Unclassified
Component:	Other (show other bugs)
Version:	trunk
Hardware:	i586 Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	Atelier Team
QA Contact:

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2011-03-24 17:56 CET by Romain d'Alverny
Modified:	2014-05-08 18:05 CEST (History)
CC List:	0 users

See Also:
Source RPM:
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Romain d'Alverny 2011-03-24 17:56:52 CET

The buildsystem posts to the maintainers db every package upload.

This post is protected with a secret key in buildsystem config, but we should as well control from maintdb that the poster IP address matches the one from the buildsystem host. Here, that is valstar.

$ host valstar.mageia.org
valstar.mageia.org has address 212.85.158.147
valstar.mageia.org has IPv6 address 2a02:2178:2:7::3


Reproducible: 

Steps to Reproduce:

Comment 1 Nicolas Vigier 2011-09-26 23:14:29 CEST

Closing as maintdb has been replaced by something else.

Status: NEW => RESOLVED
CC: (none) => boklm
Resolution: (none) => FIXED

Nicolas Vigier 2011-09-26 23:17:23 CEST

Component: maintdb.mageia.org => Other

Nicolas Vigier 2014-05-08 18:05:26 CEST

CC: boklm => (none)

Note You need to log in before you can comment on or make changes to this bug.