[security:low] LLNG admins can disable Safe jail and run commands on the server
With the Safe jail turned off, it is possible to run commands on the servers by abusing Perl backticks:
Using this, an admin who only has access to the manager can gain shell access to the server (as the apache user, but still)
If the Safe Jail (which prevents this) is on, the rogue admin can disable it easily from the manager.
It would be nice to make this feature impossible to disable in the manager to make sure an SSO admin cannot exploit this vulnerability. A simple way to do that is to set useSafeJail=1 in lemonldap-ng.ini but it's not done by default
We should at least do that, and maybe remove the setting from the manager completely too ?