ghantoos / lshell

lshell is a shell coded in Python that lets you restrict a user's environment to limited sets of commands, choose to enable/disable any command over SSH (e.g. SCP, SFTP, rsync, etc.), log users' commands, implement timing restrictions, and more.
GNU General Public License v3.0

Potential security issue #217

Closed JamieSlome closed 1 month ago

JamieSlome commented 2 years ago

Hello 👋

I run a security community that finds and fixes vulnerabilities in OSS. A researcher (@whokilleddb) has found a potential issue, which I would be eager to share with you.

Could you add a SECURITY.md file with an e-mail address for me to send further details to? GitHub recommends a security policy to ensure issues are responsibly disclosed, and it would help direct researchers in the future.

Looking forward to hearing from you 👍

(cc @huntr-helper)

ghantoos commented 1 month ago

Hi @JamieSlome,

After many years of not being able to look at lshell, I'm trying to refresh the project. Any chance you can send the details to ghantoos@ghantoos.org?

Thanks!