[Mono-bugs] [Bug 547879] ASP.NET Packages should set web root owner to wwwrun

bugzilla_noreply at novell.com bugzilla_noreply at novell.com
Mon Oct 19 13:54:03 EDT 2009


User twiest at novell.com added comment

--- Comment #2 from Thomas Wiest <twiest at novell.com>  2009-10-19 11:54:00 MDT ---
I could be wrong about this, but if the code is writable by the web server,
doesn't that partially defeat the purpose of running the web server as a
different user in the first place?

A security hole in the web server would make it possible for an attacker to
re-write / overwrite code in the web app.

Specifically for BlogEngine, Marc asked jpobst to give the user a way to tell
which specific directories are writeable, which I believe is set in the MonoVS
packaging GUI.

So I believe this bug is solved already by allowing the end user to set what is
/ isn't writable.

Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

More information about the mono-bugs mailing list