httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@znep.com>
Subject Re: Somebody please fix the bug db!
Date Mon, 24 Apr 2000 21:16:22 GMT
On Mon, 24 Apr 2000 rbb@covalent.net wrote:

> 
> I just noticed that the 2.0 bug DB is broken.  I tried opening a new bug,
> and I tried running a query, and the globals.pl script is failing with
> 
> can't create data/versioncache.78201 at globals.pl line 308
>                                (pid)
> 
> The errno message is Permission denied (had to modify the script to get
> it).  Could somebody with high enough access on locus PLEASE look into
> this ASAP?

A number of directories under /www/www.apache.org were world writable,
including ones related to buzilla I think.

That is not acceptable and is a significant security problem, considering
that there is anonftp access to /www/www.apache.org.  Brian fixed the
world writableness of them today or yesterday.  That may have broken some
scripts.

This also ties in with the bugzilla-on-mirrors problem, which is again
because it is under the www.apache.org doctree.  It should probably be
moved to its own vhost (like gnats was, for this exact reason) and setup
properly with permissions, etc.


Mime
View raw message