[Mono-bugs] [Bug 547879] ASP.NET Packages should set web root owner to wwwrun
bugzilla_noreply at novell.com
Mon Oct 19 13:54:03 EDT 2009
http://bugzilla.novell.com/show_bug.cgi?id=547879
User twiest at novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=547879#c2
--- Comment #2 from Thomas Wiest <twiest at novell.com> 2009-10-19 11:54:00 MDT ---
I could be wrong about this, but if the code is writable by the web server,
doesn't that partially defeat the purpose of running the web server as a
different user in the first place?

A security hole in the web server would make it possible for an attacker to
re-write / overwrite code in the web app.

Specifically for BlogEngine, Marc asked jpobst to give the user a way to tell
which specific directories are writeable, which I believe is set in the MonoVS
packaging GUI.

So I believe this bug is solved already by allowing the end user to set what is
/ isn't writable.
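The check implied by the comment above, as an added example that is not part of the original message or of the Mono packages: walk a web root and report every path the web server account can write to, except the directories deliberately made writable. The directory name `App_Data`, the path in the usage comment and the function names are assumptions for illustration; ACLs and root's override are not modelled.

```python
import os
import pwd
import stat
import sys


def writable_by(st, uid, gids):
    """True if the POSIX mode bits in `st` grant write access to uid/gids."""
    if st.st_uid == uid:            # owner class wins, even if g+w or o+w is set
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def audit_web_root(root, uid, gids=(), allowed=()):
    """Return paths (relative to root) the account can write to, skipping
    the allow-listed data directories and everything beneath them."""
    root = os.path.normpath(root)
    allowed = {os.path.normpath(os.path.join(root, a)) for a in allowed}
    findings = []
    if writable_by(os.lstat(root), uid, gids):
        findings.append(os.curdir)
    for dirpath, dirnames, filenames in os.walk(root):
        # Prune allow-listed directories so os.walk never descends into them.
        dirnames[:] = [d for d in dirnames
                       if os.path.join(dirpath, d) not in allowed]
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue            # symlink mode bits carry no meaning
            if writable_by(st, uid, gids):
                findings.append(os.path.relpath(path, root))
    return sorted(findings)


if __name__ == "__main__":
    # Assumed usage: audit.py /srv/www/app wwwrun App_Data
    root, user, *allowed = sys.argv[1:]
    pw = pwd.getpwnam(user)
    gids = os.getgrouplist(user, pw.pw_gid)
    for rel in audit_web_root(root, pw.pw_uid, gids, allowed):
        print("writable by %s: %s" % (user, rel))
```

An empty result means the account can modify nothing outside the allow-listed directories; a writable directory in the output matters as much as a writable file, since it allows files inside it to be replaced.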