10f15e6669
Compression filter named in a backup header is executed in restore environment (commonly dom0). While this field is properly authenticated, there may be cases where backup archive comes from less trusted source, like migrating from potentially compromised system. Modify backup header parsing code to add field specific validators. Whitelist only know crypto, hmac and compression algorithms. Based on a patch by Jean-Philippe Ouellet <jpo@vt.edu> Reported-by: Jean-Philippe Ouellet <jpo@vt.edu> |
||
|---|---|---|
| ci | ||
| debian | ||
| doc | ||
| etc | ||
| qubesadmin | ||
| rpm_spec | ||
| test-packages | ||
| .gitignore | ||
| .pylintrc | ||
| .travis.yml | ||
| LICENSE | ||
| Makefile | ||
| Makefile.builder | ||
| README.md | ||
| run-tests | ||
| setup.py | ||
| version | ||
This is client side implementation of Qubes Admin API. See https://www.qubes-os.org/doc/admin-api/ for protocol specification.
Compatibility
Most of the API modules are compatible with Python >= 2.7. Very few parts require Python >= 3.5:
- tools (
qvm-*) - qubesadmin.events module (for asyncio module)
Parts not compatible with Python < 3.5, are not installed in such environment.