[pmwiki-users] SourceForge.net Read-Only Policy - PmWiki-Compatible!

Joachim Durchholz jo at durchholz.org
Sat May 14 10:11:41 CDT 2005


H. Fox wrote:
> Here's my alternate method (1st draft), which doesn't use 
> world-writable directories or directories with the default "users" 
> group.  Does this look acceptable? Is it "more secure" or a waste of 
> extra effort?  If it's acceptable I'll put it, or something similar, 
> in the cookbook page.

It's certainly acceptable, though it is less helpful on services where 
every http request is run as the same user. I.e. if Apache is servicing 
every single request as user nobody, then there's no separation between 
user accounts - if my script can write to wiki.d, then that of any other 
user can, too.
That's independent of whether that directory is in the normal tree or 
has been moved off into another file system: if it's writable by user 
'foo', and every http script is running as user 'foo', then there's no 
security for the writable portion of your WWW presence.

So, SF is fine for read-only wikis, but I wouldn't recommend it for 
editable wikis.

(SF has other security holes. I had written an Explorer-style script for 
doing file maintenance on my project account, accidentally found that I 
could escape out of my home directory with it, and verified that I was 
able to read and write in arbitrary project directories. Shortly 
thereafter, Peter Thoeny's TWiki project was destroyed by vandals - he 
was able to restore everything from backup, but lost a few days of work. 
That /tmp/persistent move doesn't seem to be more than partially 
addressing the issue, so I still think it was a good move to rent my own 
server instead of relying on SF...)

Regards,
Jo



More information about the pmwiki-users mailing list