Flag to prevent RCE
mkopinsky opened this issue
Currently, ummon server allows running arbitrary commands via the API/the CLI app's `ummon run` command. This isn't necessarily a security hole, as any user who can `ummon run` a command could just as easily `ummon task create` the command and then run it. However, that provides one step less auditability and security. It would be better if there were a flag in `config.json` to require that you can only run a predefined task rather than an arbitrary command.
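A sketch of the check requested above, added here as an example and not taken from ummon-server's code. The flag name `allowArbitraryCommands`, the request shape (`task` / `command`) and the task store are assumptions; the point is that with the flag off, the command to execute comes only from a stored task definition, and every decision produces an audit record.

```javascript
// Hypothetical policy gate: flag name, request shape and task store are
// assumptions for illustration, not ummon-server's actual API.
const CONFIG_DEFAULTS = { allowArbitraryCommands: true }; // assumed default keeps current behaviour

function authorizeRun(config, tasks, request, user) {
  const cfg = Object.assign({}, CONFIG_DEFAULTS, config);
  const hasTask = typeof request.task === 'string' && request.task.length > 0;
  const hasCommand = typeof request.command === 'string' && request.command.length > 0;
  let decision;

  if (hasTask && hasCommand) {
    // Ambiguous request: a supplied command must never override a task definition.
    decision = { allowed: false, reason: 'task-and-command' };
  } else if (hasTask) {
    // Own-property lookup so names like "constructor" or "__proto__" do not resolve.
    const known = Object.prototype.hasOwnProperty.call(tasks, request.task);
    decision = known
      ? { allowed: true, reason: 'predefined-task', command: tasks[request.task].command }
      : { allowed: false, reason: 'unknown-task' };
  } else if (hasCommand) {
    // Ad-hoc commands pass only when the flag permits them.
    decision = cfg.allowArbitraryCommands
      ? { allowed: true, reason: 'arbitrary-command', command: request.command }
      : { allowed: false, reason: 'arbitrary-commands-disabled' };
  } else {
    decision = { allowed: false, reason: 'empty-request' };
  }

  // One audit record per decision, allowed or denied.
  decision.audit = {
    user,
    task: hasTask ? request.task : null,
    adHoc: hasCommand,
    allowed: decision.allowed,
    reason: decision.reason,
  };
  return decision;
}

// Constructed sample data.
const sampleTasks = { 'nightly-backup': { command: '/usr/local/bin/backup.sh --all' } };
const locked = { allowArbitraryCommands: false };
console.log(authorizeRun(locked, sampleTasks, { task: 'nightly-backup' }, 'alice'));
console.log(authorizeRun(locked, sampleTasks, { command: 'echo hello' }, 'alice'));
```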