[Mono-bugs] [Bug 535787] New: File ownership and permissions are not able to be set in current MonoVS (0.3.3771)
bugzilla_noreply at novell.com
Mon Aug 31 18:34:49 EDT 2009
http://bugzilla.novell.com/show_bug.cgi?id=535787
Summary: File ownership and permissions are not able to be set in current MonoVS (0.3.3771)
Classification: Mono
Product: Mono: Tools
Version: unspecified
Platform: x86
OS/Version: Other
Status: NEW
Severity: Critical
Priority: P5 - None
Component: Visual Studio Integration
AssignedTo: jpobst at novell.com
ReportedBy: mchristensen at novell.com
QAContact: mono-bugs at lists.ximian.com
Found By: Component Test
Description of Problem:
File ownership and permissions cannot be set using MonoVS in the packaging
module. This is critical for proper security and function of installed Linux
packages.
Default ownership and permissions should be settable. This default setting
goes at the top of the file list in the RPM spec file.
Subsequent changes to the default should be settable on a per-file/directory
basis and also have the option to be recursive for directories.
An example of how this affects blogengine is that the App_Data directory needs
to be writable by the web server process which runs as wwwrun. In the current
situation, the directory is owned by root with permissions drwxr-xr-x making it
impossible for the web server to create new data. This directory also contains
files and directories which also need to be writable by the web process.
It's important to note that simply changing a directory and its contents to
"world-writable" is not acceptable and creates security. Such security
attacks could include a user deleting all world writable directories and files
or filling up the partition with data in a writable area of the file system,
exploiting temporary files could give access to any file the web server
(wwwrun) has access to, etc. There are other possibilities as well.
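An added illustration of the spec-file layout the report asks for (not taken from the report or from MonoVS): a `%files` section with a default at the top of the file list, a per-file override, and a recursive override for the data directory. The install path `/srv/www/htdocs/blogengine`, the listed file names and the group `www` are assumptions; `wwwrun` is the account named in the report.

```spec
# %files section only; the rest of the spec (Name, %install, ...) is omitted.
# Assumed for illustration: install path, file names, and group "www".
%files

# Default for every entry below: keep the packaged file modes ("-"),
# owner root, group root, directories 0755.
%defattr(-,root,root,0755)
%dir /srv/www/htdocs/blogengine
/srv/www/htdocs/blogengine/bin

# Per-file override: readable by the web server's group, not by "other",
# and not writable by the web server.
%attr(0640,root,www) /srv/www/htdocs/blogengine/Web.config

# Recursive override for the data area: files 0640, directories 0750,
# owned by the web server account. Listing the directory without %dir
# packages its whole tree, so the new default applies to everything
# under App_Data. No "other" bits are set, so nothing is world-writable.
%defattr(0640,wwwrun,www,0750)
/srv/www/htdocs/blogengine/App_Data

# Restore the package-wide default for any entries that follow.
%defattr(-,root,root,0755)
```

The result can be checked on the built package with `rpm -qlvp <package>.rpm`, which lists the mode, owner and group recorded for each file.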