bos: Use crypt for commands where spoofing could be a risk
authorDaria Brashear <shadow@your-file-system.com>
Wed, 8 Jul 2015 18:11:33 +0000 (14:11 -0400)
committerDaria Brashear <shadow@your-file-system.com>
Wed, 29 Jul 2015 22:25:07 +0000 (18:25 -0400)
commit62926630a82b8635d1cb1514b852f9f7a2609311
tree125ce5a667e5353d15b2a30c9ebf0be9795c5dda
parent415a2aad4c1e9ab5d034b62989e4c16a37b5dcc7
bos: Use crypt for commands where spoofing could be a risk

bos defaults to not requiring crypt in a lot of cases, instead using clear.

As the simplest way to secure the channel is to enable crypt, do so.

FIXES 131782 (CVE-2015-3283)

Change-Id: I354fcbb5db37db225391a47b59d99518d1d0b2f9
src/bozo/bos.c