[Bug 200351] www/mahara: fix permissions
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Wed May 20 15:37:25 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200351
Bug ID: 200351
Summary: www/mahara: fix permissions
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: Individual Port(s)
Assignee: wen at FreeBSD.org
Reporter: amdmi3 at FreeBSD.org
Assignee: wen at FreeBSD.org
Flags: maintainer-feedback?(wen at FreeBSD.org)
Created attachment 156978
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=156978&action=edit
Patch
As suggested by mat@, WWWDIR should not be owned/writable by www:
> Mmmm, ok, looking at upstream documentation, it says the only directory
> that should be writable by the web user is a data directory, which seems to
> be called MAHARADATADIR here. So, I feel the @owner/@group should be
> removed to close the gaping security hole, and @dir(www,www,) be restricted
> to MAHARADATADIR.
And probably MAHARADATADIR should not writable by anyone as well.
While here, add LICENSE_FILE.
Note that other www/ ports you maintain may have similar problem.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-ports-bugs
mailing list