Hi Sven,
* Sven Dowideit <[EMAIL PROTECTED]> [2007-10-21 11:57]:
> ok, following the url..
> 
> Nico, you seem to me to be incorrect.
> 
> 777 is on the working/tmp dir only, which is not used for any web
> content.

I didn't say this but twiki is using it, no?
Let's assume you put a symlink in there with a name of a tmp 
file that has to be written pointing to some web content (I 
said web content because apache does not run with root) then 
twiki will overwrite the file following the symlink because 
the file names of the plugins are predictable.
If this is not the case I wonder why www-data is the group 
name.

> Also, as the twiki cgi scripts are callable from the command
> line by any user, requiring the working/tmp dir to be writable by any
> user, I can't think of any way that this is fixable?

Then let them use /tmp but create unique file names using 
for example mkstemp.

Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
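
The contrast drawn in the mail above between a predictable temp file name and one created with mkstemp, as an added C example (not part of the original mail and not TWiki code). The scratch directory and the names `page.txt` and `plugin.tmp` are constructed for the demonstration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
/* Write data to fd and close it; -1 on any error (including fd < 0). */
static int put(int fd, const char *data) {
    if (fd < 0) return -1;
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n < 0 ? -1 : 0;
}
/* Unsafe: predictable name, no O_EXCL, so open() follows a planted symlink. */
static int write_predictable(const char *path, const char *data) {
    return put(open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600), data);
}
/* Safe: mkstemp() picks the name and opens it with O_CREAT|O_EXCL. */
static int write_unique(const char *dir, const char *data, char *out, size_t len) {
    snprintf(out, len, "%s/plugin.XXXXXX", dir);
    return put(mkstemp(out), data);
}
/* 1 if the file at path holds exactly `want`, else 0. */
static int content_is(const char *path, const char *want) {
    char buf[64] = {0};
    int fd = open(path, O_RDONLY);
    if (fd < 0) return 0;
    ssize_t n = read(fd, buf, sizeof buf - 1);
    close(fd);
    return n >= 0 && strcmp(buf, want) == 0;
}
/* Constructed scenario: page.txt stands in for web content, plugin.tmp is the
   predictable temp name and is already a symlink to it. 1 = page.txt survived. */
int web_content_survives(int use_mkstemp) {
    char dir[] = "/tmp/symdemo.XXXXXX", page[64], planted[64], tmp[64] = "";
    if (!mkdtemp(dir)) return -1;
    snprintf(page, sizeof page, "%s/page.txt", dir);
    snprintf(planted, sizeof planted, "%s/plugin.tmp", dir);
    if (write_predictable(page, "original") || symlink(page, planted)) return -1;
    int rc = use_mkstemp ? write_unique(dir, "scratch", tmp, sizeof tmp)
                         : write_predictable(planted, "scratch");
    int ok = rc ? -1 : content_is(page, "original");
    unlink(tmp); unlink(planted); unlink(page); rmdir(dir);
    return ok;
}
int main(void) {
    printf("predictable: %d mkstemp: %d\n", web_content_survives(0), web_content_survives(1));
    return 0;
}
```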
