Under Review
over 7 years ago

Post Migration Custom Command - Security Flaw

Is it possible to add a feature to the custom command post migration set-up that would restrict users from changing the variables defined in the custom command.  We restrict our end users from using the UNIX account that allows the ability to SSH.  If we define a custom command the user can put any command in the "command with parameters" window and compromise our server after selecting the run button during the post migration process.  We would like the ability to define the command but only allow the end user to execute the custom post migration as-is, preventing the user from adding or changing these variables.

This is a great feature but completely useless for us because of this security concern.

tim.rogers
  • over 7 years ago

    Tim,

    Your Welcome...

    Reducing the ssh timeout could have a negative impact.  

    In our environment to prevent Stat users from picking the wrong server, I wrote my own Post Migration script that based on the Environment code it would perform the Post migration on the required servers.  You can pick a server from the Server Drop down that was not even involved with Migration.   Also our post migration requirements have to be performed on more than one server, somethings as many as four.  So the Post Migration script I wrote will know all the servers.  The Server Drop down has only 1 server to pick from.   We have over 20 Active Oracle E-Biz environments and over 45 hosts so we really had no choice.  I had to made fool prove.

    Regards.

  • over 7 years ago

    Thanks Tom.  That did solve the problem for this specific issue, once the permissions were updated as you described the end users were no longer able to access the "Command with Parameters" field.  

    I'm curious if the other settings still available on the custom command variables screen would have any negative impact if changed by the end users.  I'll need to look closer at the security permissions and play around with these settings some more.  I know if deselect the SSH checkbox, which is still available, the custom command we created fails.  

    Pending some additional testing, I think the options still available should have the ability to be restricted as well to prevent any unwanted actions by the end users.  This permission change is also an all or nothing option, there may be instances where we would want the users to have the ability to edit.  I think the ability to lock this down should be by individual custom command and not a global setting.

    I really appreciate the feedback on this Tom.  I totally missed that permission during my review to set this up.  I might be able to use this custom command now which would allow our developers to compile their COBOL files on their own without intervention from the PS Admins.  

  • over 7 years ago

    I raised this same concern....  

    I opened a case with Quest and they responded with the solution below to protect Post migration commands from being changed during execution.

    There are two security rights that user should not have. They are located under Maintenance-General:

    - Post Migration Command Edit

    - Pre Migration Command Edit

    Let me know if this works for you.

    Regards.

    Tom Shaw