Quoting "Magnus Therning" <mag...@therning.org>:
The way I understand your plugin it would most likely not be
acceptable in our environment.  Having trac-admins write scripts that
get executed on the server is not something the system-admin will
allow.  (This is in the name of security, and I know that there are
other garage-door sized holes already, like the ability for a
trac-admin to upload any plugin.  But hey, I'm not keen on trying to
push through an obvious way for trac-admins to run code on the server
by pointing out that there already is another, less obvious, way to do
just that.  Not when that other mechanism is so useful to me as a
trac-admin.  :)

Just to be sure: Does your Trac run under uid 0 (root)?
This would be completely unacceptable, of course. If Trac
runs as its own, separate user, the shell scripts still
can do harm, but e.g. not kill the system.

Uploading plugins can be easily prohibited by setting the
plugin dir to 555, very simple. Btw. plugins are only stored
in the plugins dir and cannot access data that the trac
user (hopefully not root/0) is not allowed to access.

Cheers
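
The checks discussed in this message (Trac not running as uid 0, plugins directory set to 555) can be audited with a short script; this is an added example, not code from the thread or from the Trac project. The function name `audit_plugin_dir` is hypothetical, GNU coreutils `stat -c` is assumed, and the ownership check goes beyond the thread: it is included because the owner of a directory can restore its write bit with `chmod`.

```shell
#!/bin/sh
# Added example (not from the thread): audit a Trac plugins directory.
# Usage: sh audit.sh <plugins_dir> <numeric uid the Trac process runs as>
# Assumes GNU coreutils stat (-c). audit_plugin_dir is a hypothetical name.

audit_plugin_dir() {
    apd_dir=$1
    apd_uid=$2
    apd_bad=0

    [ -d "$apd_dir" ] || { echo "FAIL: $apd_dir is not a directory"; return 2; }

    apd_mode=$(stat -c '%a' "$apd_dir")    # octal mode, e.g. 555
    apd_owner=$(stat -c '%u' "$apd_dir")   # numeric owner uid

    # Trac running as root makes the remaining checks moot.
    if [ "$apd_uid" -eq 0 ]; then
        echo "FAIL: service uid is 0 (root)"
        apd_bad=1
    fi

    # 555 means no write bit for owner, group or other (octal mask 0222).
    if [ $(( 0$apd_mode & 0222 )) -ne 0 ]; then
        echo "FAIL: mode $apd_mode has write bits set; expected 555"
        apd_bad=1
    fi

    # The owner of a directory can chmod it back to writable, so 555 only
    # holds against the service account if that account does not own it.
    if [ "$apd_owner" -eq "$apd_uid" ]; then
        echo "FAIL: directory is owned by the service uid $apd_uid"
        apd_bad=1
    fi

    [ "$apd_bad" -eq 0 ] && echo "OK: $apd_dir (mode $apd_mode, owner $apd_owner)"
    return "$apd_bad"
}

# Run the audit only when both arguments are supplied on the command line.
if [ "$#" -eq 2 ]; then
    audit_plugin_dir "$1" "$2"
fi
```
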
