Bug 200351 - www/mahara: fix permissions
Summary: www/mahara: fix permissions
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Many People
Assignee: Wen Heping
Reported: 2015-05-20 15:37 UTC by Dmitry Marakasov
Modified: 2015-05-21 07:55 UTC

bugzilla: maintainer-feedback? (wen)


Attachments
Patch (1.28 KB, patch)
2015-05-20 15:37 UTC, Dmitry Marakasov

Description Dmitry Marakasov freebsd_committer 2015-05-20 15:37:25 UTC
Created attachment 156978
Patch

As suggested by mat@, WWWDIR should not be owned/writable by www:

> Mmmm, ok, looking at upstream documentation, it says the only directory
> that should be writable by the web user is a data directory, which seems to
> be called MAHARADATADIR here.  So, I feel the @owner/@group should be
> removed to close the gaping security hole, and @dir(www,www,) be restricted
> to MAHARADATADIR.
              
And probably MAHARADATADIR should not be writable by anyone as well.

While here, add LICENSE_FILE.

Note that other www/ ports you maintain may have a similar problem.
Comment 1 commit-hook freebsd_committer 2015-05-21 07:49:55 UTC
A commit references this bug:

Author: wen
Date: Thu May 21 07:48:58 UTC 2015
New revision: 386916
URL: https://svnweb.freebsd.org/changeset/ports/386916

Log:
  - Fix permissions [1]
  - Add LICENSE file [1]
  - Add missing PHP module
  - Update pkg-message

  PR:		200351 [1]
  Submitted by:	amdmi3@

Changes:
  head/www/mahara/Makefile
  head/www/mahara/files/pkg-message.in
Comment 2 Wen Heping freebsd_committer 2015-05-21 07:53:24 UTC
(In reply to Dmitry Marakasov from comment #0)
I committed this PR, and some other improvements.

As the other www/ ports may have a similar problem, I shall check them one by one later. But in my memory, some do not work if we have the same permissions fix.

Thanks!

wen
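
An added example (not part of the bug report or the port): a Python audit for the layout discussed in this thread, listing everything under a web root that the web user can write to, with the data directory exempted. The function names and command-line form are assumptions of this example, and it checks the account's primary uid/gid only, not supplementary groups or ACLs.

```python
import os
import stat

def web_writable(st, web_uid, web_gid):
    """Return why the web user can write to this inode, or None."""
    mode = st.st_mode
    if st.st_uid == web_uid and mode & stat.S_IWUSR:
        return "owner-writable"
    if st.st_gid == web_gid and mode & stat.S_IWGRP:
        return "group-writable"
    if mode & stat.S_IWOTH:
        return "world-writable"
    return None

def audit_webroot(root, web_uid, web_gid, data_dirs=()):
    """Walk root and return (path, reason) for every file or directory the
    web user can write to, skipping the subtrees listed in data_dirs."""
    allowed = [os.path.realpath(d) for d in data_dirs]
    findings = []
    for dirpath, dirnames, filenames in os.walk(os.path.realpath(root)):
        # Prune the exempted data directories so they are never descended into.
        dirnames[:] = [d for d in dirnames
                       if os.path.join(dirpath, d) not in allowed]
        # os.curdir checks the directory itself: a writable directory lets
        # the web user create or replace files inside it.
        for name in [os.curdir] + filenames:
            path = os.path.normpath(os.path.join(dirpath, name))
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            reason = web_writable(st, web_uid, web_gid)
            if reason:
                findings.append((path, reason))
    return findings

if __name__ == "__main__":
    import pwd
    import sys
    www = pwd.getpwnam("www")  # assumption: the web server runs as "www"
    # usage: audit.py WEBROOT [DATADIR ...]
    for path, reason in audit_webroot(sys.argv[1], www.pw_uid, www.pw_gid,
                                      sys.argv[2:]):
        print(f"{reason}\t{path}")
```

An empty result for the application directory, with only the data directory passed as an exemption, matches the ownership model requested in the report.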