In a secure environment it is not acceptable to download and execute a script as root that came from an untrusted source.
The certbot repository is cloned from GitHub without checking against trusted signatures. An attacker compromising the GitHub account might alter existing releases, so that this role would force update and execute the malicious code as root.
A first step could be to run certbot in `webroot` mode instead of `standalone` and use the already installed `python -m SimpleHTTPServer` to serve the content of this directory for the acme-challenge. Optionally an existing server can be used that is configured to serve `/.well-known/acme-challenge/` from the output directory.
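
One way to address the unsigned-clone concern raised in this issue, as an added example that is not part of the original report or the role's code: pin the checkout to a commit id reviewed in advance and refuse to run anything if HEAD or the working tree differs. The helper name, exit codes and placeholder values are assumptions for illustration; where upstream publishes signed tags, `git verify-tag` is the signature-based counterpart.

```shell
#!/bin/sh
# Added example (not the role's code): gate execution of a cloned repository
# on a commit id that was reviewed and pinned in advance.

# verify_checkout DIR EXPECTED_ID  (hypothetical helper name)
# Exit status: 0 match, 1 mismatch or modified tree, 2 bad pin, 3 not a checkout.
verify_checkout() {
    dir=$1
    expected=$2

    # Accept only a full object id (40 hex digits for SHA-1, 64 for SHA-256).
    # Tag and branch names can be moved by whoever controls the remote.
    case $expected in
        *[!0-9a-f]*) echo "pin must be lowercase hex" >&2; return 2 ;;
    esac
    if [ "${#expected}" -ne 40 ] && [ "${#expected}" -ne 64 ]; then
        echo "pin must be a full commit id" >&2
        return 2
    fi

    actual=$(git -C "$dir" rev-parse --verify 'HEAD^{commit}' 2>/dev/null) || {
        echo "not a git checkout: $dir" >&2
        return 3
    }
    if [ "$actual" != "$expected" ]; then
        echo "HEAD is $actual, pinned $expected" >&2
        return 1
    fi

    # Tracked files modified or untracked files present after checkout.
    # Files matched by .gitignore are not reported by this check.
    if [ -n "$(git -C "$dir" status --porcelain)" ]; then
        echo "working tree differs from pinned commit" >&2
        return 1
    fi
    return 0
}

# Usage sketch with placeholder values:
#   verify_checkout /path/to/clone "$PINNED_COMMIT" && run the script
```

The pin only helps if the commit id is stored outside the repository being cloned, for example in the role's own variables, and changed only after review.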