Case RE-420: Previously, we ignored packages that were installed directly via the RPM binary or packages that were installed from repositories that had since been disabled. This led to elevations being allowed to continue when they should have been blocked due to packages being installed from unvetted sources. This could lead to services or other things being broken on the server after the elevation has completed. This change makes it so that we detect when packages are installed from disabled repositories and when packages are installed directly via the RPM binary.
Changelog: Block when packages are installed from a disabled repo
Case RE-420: Previously, we ignored packages that were installed directly via the RPM binary or packages that were installed from repositories that had since been disabled. This led to elevations being allowed to continue when they should have been blocked due to packages being installed from unvetted sources. This could lead to services or other things being broken on the server after the elevation has completed. This change makes it so that we detect when packages are installed from disabled repositories and when packages are installed directly via the RPM binary.
Changelog: Block when packages are installed from a disabled repo
By submitting pull requests to this repo, I agree to the Contributor License Agreement which can be found at: https://github.com/cpanel/elevate/blob/main/docs/cPanel-CLA.pdf