Closed
Bug 140355
Opened 22 years ago
Closed 22 years ago
Warn the user about not using a web server group
Categories
(Bugzilla :: Bugzilla-General, defect)
Tracking
()
RESOLVED
FIXED
Bugzilla 2.16
People
(Reporter: myk, Assigned: bbaetz)
Details
Attachments
(1 file, 2 obsolete files)
4.67 KB,
patch
|
gerv
:
review+
justdave
:
review+
|
Details | Diff | Splinter Review |
Not using a web server group creates a number of security risks, including making directories and files world-writable. This mode of running Bugzilla is useful for testing but should not be used in the real world. We need to make that clearer to users with big warning signs.
Assignee | ||
Comment 1•22 years ago
|
||
Taking for 2.16
Assignee: justdave → bbaetz
Severity: minor → normal
Target Milestone: --- → Bugzilla 2.16
Assignee | ||
Comment 2•22 years ago
|
||
This includes a checksetup warning and a docs patch. I give up trying to regenerate the docs from this. I only added one paragraph, and it should be valid. It was taking over 15 minutes and spitting out strange errors: jade:/usr/share/sgml/docbook/dsssl-stylesheets-1.64/html/dbhtml.dsl:28:23:E: 1st argument for primitive "number->string" of wrong type: "#f" not a number and other obscure things.
Assignee | ||
Updated•22 years ago
|
Updated•22 years ago
|
Attachment #81261 -
Flags: review-
Comment 3•22 years ago
|
||
Isn't the localconfig file the best place, or at least one possible place, for a comment of this nature? Please uppercase the B in Bugzilla and P in Perl. Also, looking at that line of exclamation marks is painful. Can we use the more normal asterisks? On a stylistic point, you repeat "This means" twice. Also, change "localconfig" to "the localconfig file". When you say "you really need to change this setting", do they just alter localconfig and rerun checksetup.pl? If so, you should say that, too. In the doc patch, one exclamation mark is surely sufficient. Gerv
Assignee | ||
Comment 4•22 years ago
|
||
Changing the localconfig comment won't change it in existing files, but yeah, we probably should mention it there too. I'll tone down the docs stuff a bit. I wanted to see what it ooked like in the generated output, but I can't see that.
Assignee | ||
Comment 5•22 years ago
|
||
Attachment #81261 -
Attachment is obsolete: true
Comment 6•22 years ago
|
||
Comment on attachment 81338 [details] [diff] [review] v2 >+# set this to "". If you do set this to "", then your bugzilla installation Capital B! :-) >+other files (including the localconfig file which stores your databasa database. >+ permissions on files which bugzilla uses. If you do not have a B. >+ webservergroup set in the localconfig file, then bugzilla will have to B. >+ make certain files world readable and/or writable. <emphasis>THIS IS >+ INSECURE!</emphasis>. This means that anyone who can get access to >+ your system can do whatever they want to your bugzilla installation. B. >+ be able to take control of your bugzilla installation. B. Fix those, and r=gerv. Gerv
Attachment #81338 -
Flags: review+
Comment 7•22 years ago
|
||
Comment on attachment 81338 [details] [diff] [review] v2 how about if we check for Win32 and skip the nasty warnings if they're on Win32? Since they don't apply to them anyway...
Assignee | ||
Comment 8•22 years ago
|
||
OK, check for win32 first. Note that this doesn't make it any more secure... What about NTFS systems, which could have this stuff set up?
Attachment #81338 -
Attachment is obsolete: true
Comment 9•22 years ago
|
||
Personally, I don't think it's worth the effort to set the NTFS ACL's during Bugzilla installation, because: 1) On NT, even world-writability isn't generally that big a risk, as it's quite difficult to get to the "shell" - and on most NT boxes if you do, you'll have quite a lot of permissions anyway. 2) chmod won't do it on NT, so you'd have to use something like Win32::FileSecurity to alter the ACL's -> messy (though doable) 3) Default permissions tend to get right by inheritance if the webroot permissions are even decently configured before the BZ installation. 4) Since impersonation plays such a big role in the NT authentication world, setting the correct permissions is potentially quite a bit more complex operation than doing it on Unix. The proper configuration is probably unique to the server, and the administrator must know how to do it anyway. I think it's better to warn the admin and leave the configuration up to him/her. If one's capable enough of getting MySQL, Perl and Bugzilla running on Win32, the security configuration is a piece of cake. You could consider an addition to the documentation, though, especially if out-of-the-box installability is still in plans for 2.18.
Assignee | ||
Comment 10•22 years ago
|
||
Right - but should we warn in checksetup anyway?
Comment 11•22 years ago
|
||
Since setting the webservergroup won't make the system any more secure on Win32 platforms, warning about _not_ setting it doesn't sound sensible. I don't think we should warn Win32 users (in checksetup.pl) at all, as there is no easy way to detect if the permissions are set cleverly - so we either have to warn every time or never warn. A documentation note in the Win32 section should be enough. I propose changing section 3.6.1's installation instruction 6 to be: "Take care that the file permissions for your Bugzilla installation directory are sensible. Remove unnecessary write access."
Comment 12•22 years ago
|
||
Hmmh, s/Bugzilla installation directory/Bugzilla directory/ on the previous proposal, that seems to be a more proper term in the context.
Comment 13•22 years ago
|
||
Comment on attachment 82308 [details] [diff] [review] v3 r=gerv. Gerv
Attachment #82308 -
Flags: review+
Comment 14•22 years ago
|
||
Comment on attachment 82308 [details] [diff] [review] v3 r= justdave
Attachment #82308 -
Flags: review+
Assignee | ||
Comment 15•22 years ago
|
||
Fixed.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Updated•12 years ago
|
QA Contact: matty_is_a_geek → default-qa
You need to log in
before you can comment on or make changes to this bug.
Description
•