I have a few questions:

What's the difference between 

chmod 777 /var/lib/twiki/working/tmp

 and 

chmod 777 /tmp/twiki

as that is all it seems to me you're suggesting is the difference
between a CVE raised on a maybe problem that requires a very odd set of
circumstances and what you have labelled as a grave error.

The tmp dir is used (mostly from apache, but also from the command line
and cron jobs) for session files and rcs for its very short lived
temporary files.

working/tmp is NOT used for any web data, it is used by rcs (presumably
responsible for its own security) and for session files which have their
own unique filename.

and so, I think you are in error, and need to read the code a little
before you make assertions like this.



Sven


On Sun, 2007-10-21 at 12:26 +0200, Nico Golde wrote:
> Hi Sven,
> * Sven Dowideit <[EMAIL PROTECTED]> [2007-10-21 11:57]:
> > ok, following the url..
> > 
> > Nico, you seem to me to be incorrect.
> > 
> > 777 is on the working/tmp dir only, which is not used for any web
> > content.
> 
> I didn't say this but twiki is using it, no?
> Let's assume you put a symlink in there with a name of a tmp 
> file that has to be written pointing to some web content (I 
> said web content because apache does not run with root) then 
> twiki will overwrite the file following the symlink because 
> the file names of the plugins are predictable.
> If this is not the case I wonder why www-data is the group 
> name.
> 
> > Also, as the twiki cgi scripts are callable from the command
> > line by any user, requiring the working/tmp dir to be writable by any
> > user, I can't think of any way that this is fixable?
> 
> Then let them use /tmp but create unique file names using 
> for example mkstemp.
> 
> Kind regards
> Nico
-- 
Professional Wiki Innovation and Support
Sven Dowideit - http://DistributedINFORMATION.com
A WikiRing Partner http://wikiring.com
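Nico's point about predictable temp file names under a 777 directory, and the mkstemp fix he suggests, as an added C example (this is not code from the thread or from TWiki; the scratch directory under /tmp, the "victim" file and the session file names are constructed for the demo):

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Risky pattern from the thread: predictable name, O_TRUNC, symlink followed. */
int open_predictable_unsafe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened form when the name must stay predictable: POSIX says that with
 * O_CREAT|O_EXCL, open() fails with EEXIST if a file or a symlink is already there. */
int open_predictable_safe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Nico's suggestion: let mkstemp() choose an unpredictable name (it opens
 * with O_CREAT|O_EXCL itself). path_out receives the name actually created. */
int create_unpredictable(const char *dir, char *path_out, size_t out_len) {
    if (snprintf(path_out, out_len, "%s/session_XXXXXX", dir) >= (int)out_len) return -1;
    int fd = mkstemp(path_out);
    if (fd >= 0) fchmod(fd, 0600);   /* pin the mode rather than trust libc/umask */
    return fd;
}

/* Constructed scenario: scratch dir, a "victim" file standing in for web content,
 * and a symlink at the predictable temp name pointing at it. Result bitmask:
 * 2 = safe open refused (EEXIST) with the victim intact, 1 = unsafe open followed
 * the link and truncated the victim, 4 = mkstemp made a distinct 0600 file. */
int run_scenario(void) {
    char dir[] = "/tmp/twiki_demo_XXXXXX", victim[256], link[256], made[256] = "";
    struct stat st; int result = 0, fd;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim.txt", dir);
    snprintf(link, sizeof link, "%s/session_1", dir);       /* the predictable name */
    fd = open(victim, O_WRONLY | O_CREAT, 0600);
    if (fd < 0 || write(fd, "web content", 11) != 11 || close(fd) || symlink(victim, link)) return -1;
    fd = open_predictable_safe(link);                       /* must refuse */
    if (fd < 0 && errno == EEXIST && stat(victim, &st) == 0 && st.st_size == 11) result |= 2;
    fd = open_predictable_unsafe(link);                     /* follows the link... */
    if (fd >= 0 && close(fd) == 0 && stat(victim, &st) == 0 && st.st_size == 0) result |= 1; /* ...truncated */
    fd = create_unpredictable(dir, made, sizeof made);
    if (fd >= 0 && fstat(fd, &st) == 0 && (st.st_mode & 0777) == 0600 && strcmp(made, link)) result |= 4;
    if (fd >= 0) close(fd); unlink(made); unlink(link); unlink(victim); rmdir(dir);
    return result;                                   /* 7 when all three behave as described */
}
```

The same O_EXCL guarantee is what protects mkstemp, which is why it does not matter whether the directory is /tmp or working/tmp as long as the name is unpredictable and the create is exclusive.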
