Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow securing the task runner #10

Open
Vectorial1024 opened this issue Dec 22, 2024 · 0 comments
Open

Allow securing the task runner #10

Vectorial1024 opened this issue Dec 22, 2024 · 0 comments
Labels
enhancement New feature or request

Comments

@Vectorial1024
Copy link
Owner

Currently, the task runner can be manually called with a correctly crafted command instruction. This is supposedly different from Laravel 11's new Concurrency module, which runs the task in a hidden Artisan command.

This allows attackers to just input whatever stuff into the command line to run arbitrary code.

We have 2 options:

  • Try to understand how this Concurrency module handles "hidden Artisan commands", and learn from them; or
  • Add a way for this library to verify the runner instruction is sent from itself, and is not from an outsider
@Vectorial1024 Vectorial1024 added the enhancement New feature or request label Dec 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Vectorial1024