[pmwiki-users] SourceForge.net Read-Only Policy - PmWiki-Compatible!
Joachim Durchholz
jo at durchholz.org
Sat May 14 10:11:41 CDT 2005
H. Fox wrote:
> Here's my alternate method (1st draft), which doesn't use
> world-writable directories or directories with the default "users"
> group. Does this look acceptable? Is it "more secure" or a waste of
> extra effort? If it's acceptable I'll put it, or something similar,
> in the cookbook page.
It's certainly acceptable, though it is less helpful on services where
every http request is run as the same user. I.e. if Apache is servicing
every single request as user nobody, then there's no separation between
user accounts - if my script can write to wiki.d, then that of any other
user can, too.
That's independent of whether that directory is in the normal tree or
has been moved off into another file system: if it's writable by user
'foo', and every http script is running as user 'foo', then there's no
security for the writable portion of your WWW presence.
So, SF is fine for read-only wikis, but I wouldn't recommend it for
editable wikis.
(SF has other security holes. I had written an Explorer-style script for
doing file maintenance on my project account, accidentally found that I
could escape out of my home directory with it, and verified that I was
able to read and write in arbitrary project directories. Shortly
thereafter, Peter Thoeny's TWiki project was destroyed by vandals - he
was able to restore everything from backup, but lost a few days of work.
That /tmp/persistent move doesn't seem to be more than partially
addressing the issue, so I still think it was a good move to rent my own
server instead of relying on SF...)
Regards,
Jo
More information about the pmwiki-users
mailing list