Remote execution is a major security concern, and the purpose of EXEC_ROOT is to limit access to a single directory hierarchy. However, limiting this directive to a single value may encourage overly broad access. For example, to allow access to both /usr/local/bin/foo and ~/bin/bar, EXEC_ROOT = "/" is required, which is dangerously insecure. A workaround would be to use a symlink (e.g. ln -s /usr/local/bin/foo ~/bin/foo) and enable FOLLOW_LINKS, but this is also less secure.
EXEC_ROOT should also accept an array of root directories, e.g. EXEC_ROOT = ["/usr/local/bin", "~/bin"].
There also needs to be more fine-grained access control, such as a list of allowed commands.
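As an added illustration (not code from the project that owns EXEC_ROOT), here is one way the proposed array form of EXEC_ROOT, the FOLLOW_LINKS switch and an allowed-command list could be enforced together. The check_exec/run_demo names, the temp-dir layout standing in for /usr/local/bin and ~/bin, and the EXEC_ROOT = "/" case are all assumptions of this example.

```python
import os
import shutil
import tempfile

def _under_root(path, root):
    """True if `path` is `root` or lies beneath it (separator-aware, so /usr does not match /usr2)."""
    return path == root or path.startswith(root.rstrip(os.sep) + os.sep)

def check_exec(requested, exec_roots, follow_links=False, allowed_commands=None):
    """Return (allowed, reason). exec_roots is the proposed array form of EXEC_ROOT,
    follow_links stands in for FOLLOW_LINKS, allowed_commands is an optional basename allow-list."""
    norm = os.path.realpath if follow_links else os.path.abspath
    roots = [norm(os.path.expanduser(r)) for r in exec_roots]
    # abspath collapses '..' lexically, so ~/bin/../../etc/x is judged by where it points.
    candidate = os.path.abspath(os.path.expanduser(requested))
    if os.path.realpath(candidate) != candidate:        # a symlink sits somewhere in the path
        if not follow_links:
            return False, "symlink in path and FOLLOW_LINKS is off"
        candidate = os.path.realpath(candidate)         # judge the real target, not the link
    if not any(_under_root(candidate, r) for r in roots):
        return False, "outside every EXEC_ROOT"
    if allowed_commands is not None and os.path.basename(candidate) not in allowed_commands:
        return False, "command not in allow-list"
    return True, candidate

def run_demo():
    """Build a constructed sample tree in a temp dir and return the policy decisions."""
    base = os.path.realpath(tempfile.mkdtemp())
    sys_bin = os.path.join(base, "usr_local_bin")   # plays the role of /usr/local/bin
    home_bin = os.path.join(base, "home_bin")       # plays the role of ~/bin
    outside = os.path.join(base, "outside")         # a directory no root should cover
    try:
        for d in (sys_bin, home_bin, outside):
            os.makedirs(d)
        for f in ("usr_local_bin/foo", "home_bin/bar", "outside/evil"):
            open(os.path.join(base, f), "w").close()
        os.symlink(os.path.join(sys_bin, "foo"), os.path.join(home_bin, "foo"))  # the ln -s workaround
        roots = [sys_bin, home_bin]
        return {
            "foo_in_sys": check_exec(os.path.join(sys_bin, "foo"), roots)[0],
            "bar_in_home": check_exec(os.path.join(home_bin, "bar"), roots)[0],
            "traversal": check_exec(os.path.join(home_bin, "..", "outside", "evil"), roots)[0],
            "symlink_no_follow": check_exec(os.path.join(home_bin, "foo"), roots)[0],
            "symlink_follow": check_exec(os.path.join(home_bin, "foo"), roots, follow_links=True)[0],
            "allowlist": check_exec(os.path.join(home_bin, "bar"), roots, allowed_commands=["foo"])[0],
            "root_is_slash": check_exec(os.path.join(outside, "evil"), ["/"])[0],
        }
    finally:
        shutil.rmtree(base)
```

The last entry shows why a single EXEC_ROOT = "/" is no restriction at all: every absolute path passes, including the one outside both intended roots.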