Closed Bug 140355 Opened 22 years ago Closed 22 years ago

Warn the user about not using a web server group

Categories

(Bugzilla :: Bugzilla-General, defect)

2.15
defect
Not set
normal

Tracking

()

RESOLVED FIXED
Bugzilla 2.16

People

(Reporter: myk, Assigned: bbaetz)

Details

Attachments

(1 file, 2 obsolete files)

Not using a web server group creates a number of security risks, including
making directories and files world-writable.  This mode of running Bugzilla is
useful for testing but should not be used in the real world.  We need to make
that clearer to users with big warning signs.
Taking for 2.16
Assignee: justdave → bbaetz
Severity: minor → normal
Target Milestone: --- → Bugzilla 2.16
Attached patch v1 (obsolete) — Splinter Review
This includes a checksetup warning and a docs patch.

I give up trying to regenerate the docs from this. I only added one paragraph,
and it should be valid.

It was taking over 15 minutes and spitting out strange errors:

jade:/usr/share/sgml/docbook/dsssl-stylesheets-1.64/html/dbhtml.dsl:28:23:E:
1st argument for primitive "number->string" of wrong type: "#f" not a number

and other obscure things.
Keywords: patch, review
Attachment #81261 - Flags: review-
Isn't the localconfig file the best place, or at least one possible place, for a
comment of this nature?

Please uppercase the B in Bugzilla and P in Perl. Also, looking at that line of
exclamation marks is painful. Can we use the more normal asterisks?

On a stylistic point, you repeat "This means" twice.

Also, change "localconfig" to "the localconfig file".

When you say "you really need to change this setting", do they just alter
localconfig and rerun checksetup.pl? If so, you should say that, too.

In the doc patch, one exclamation mark is surely sufficient.

Gerv
Changing the localconfig comment won't change it in existing files, but yeah, we
probably should mention it there too.

I'll tone down the docs stuff a bit. I wanted to see what it looked like in the
generated output, but I can't see that.
Attached patch v2 (obsolete) — Splinter Review
Attachment #81261 - Attachment is obsolete: true
Comment on attachment 81338 [details] [diff] [review]
v2

>+# set this to "". If you do set this to "", then your bugzilla installation

Capital B! :-)

>+other files (including the localconfig file which stores your databasa

database.

>+        permissions on files which bugzilla uses. If you do not have a

B.

>+        webservergroup set in the localconfig file, then bugzilla will have to

B.

>+        make certain files world readable and/or writable. <emphasis>THIS IS
>+        INSECURE!</emphasis>. This means that anyone who can get access to
>+        your system can do whatever they want to your bugzilla installation.
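
Review bot: the sentence ending "THIS IS INSECURE!</emphasis>." carries both an exclamation mark and a period; drop the period after the closing tag. In the following sentence, "anyone who can get access to your system" is vague; naming who that is (any other account on the machine) would tell the admin what the world-readable/writable bits actually expose.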

B.

>+          be able to take control of your bugzilla installation.

B.

Fix those, and r=gerv.

Gerv
Attachment #81338 - Flags: review+
Comment on attachment 81338 [details] [diff] [review]
v2

How about if we check for Win32 and skip the nasty warnings if they're on
Win32? Since they don't apply to them anyway...
Attached patch v3 — Splinter Review
OK, check for win32 first. Note that this doesn't make it any more secure...
What about NTFS systems, which could have this stuff set up?
Attachment #81338 - Attachment is obsolete: true
Personally, I don't think it's worth the effort to set the NTFS ACL's during
Bugzilla installation, because:

1) On NT, even world-writability isn't generally that big a risk, as it's quite
difficult to get to the "shell" - and on most NT boxes if you do, you'll have
quite a lot of permissions anyway.

2) chmod won't do it on NT, so you'd have to use something like
Win32::FileSecurity to alter the ACL's -> messy (though doable)

3) Default permissions tend to get right by inheritance if the webroot
permissions are even decently configured before the BZ installation.

4) Since impersonation plays such a big role in the NT authentication world,
setting the correct permissions is potentially quite a bit more complex
operation than doing it on Unix. The proper configuration is probably unique to
the server, and the administrator must know how to do it anyway. 

I think it's better to warn the admin and leave the configuration up to him/her.
If one's capable enough of getting MySQL, Perl and Bugzilla running on Win32,
the security configuration is a piece of cake. You could consider an addition to
the documentation, though, especially if out-of-the-box installability is still
in plans for 2.18. 
Right - but should we warn in checksetup anyway?
Since setting the webservergroup won't make the system any more secure on Win32
platforms, warning about _not_ setting it doesn't sound sensible. I don't think
we should warn Win32 users (in checksetup.pl) at all, as there is no easy way to
detect if the permissions are set cleverly - so we either have to warn every
time or never warn.

A documentation note in the Win32 section should be enough. I propose changing
section 3.6.1's installation instruction 6 to be: "Take care that the file
permissions for your Bugzilla installation directory are sensible. Remove
unnecessary write access."

Hmmh, s/Bugzilla installation directory/Bugzilla directory/ on the previous
proposal, that seems to be a more proper term in the context.
Comment on attachment 82308 [details] [diff] [review]
v3

r=gerv.

Gerv
Attachment #82308 - Flags: review+
Comment on attachment 82308 [details] [diff] [review]
v3

r= justdave
Attachment #82308 - Flags: review+
Fixed.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
QA Contact: matty_is_a_geek → default-qa
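
An added example, not part of this bug thread and not Bugzilla's checksetup.pl: a stand-alone Python audit of the condition the bug warns about, an empty webservergroup together with world-accessible files. It assumes localconfig uses a Perl assignment of the form `$webservergroup = "...";`, skips Win32 as the thread decided, and the names `audit` and `read_webservergroup` are made up here.

```python
import os
import re
import stat
import sys

# Assumption: localconfig holds a Perl assignment such as  $webservergroup = "apache";
_GROUP_RE = re.compile(r'^\s*\$webservergroup\s*=\s*(["\'])(.*?)\1\s*;', re.MULTILINE)


def read_webservergroup(localconfig_path):
    """Return the configured group, "" when set empty, None when absent or unreadable."""
    try:
        with open(localconfig_path, encoding="utf-8", errors="replace") as fh:
            match = _GROUP_RE.search(fh.read())
    except OSError:
        return None
    return match.group(2) if match else None


def audit(bugzilla_dir, platform=sys.platform):
    """Return a sorted list of (relative_path, problem) findings for one installation."""
    if platform == "win32":
        # POSIX mode bits say nothing about NTFS ACLs, so nothing can be checked here.
        return []
    findings = []
    if not read_webservergroup(os.path.join(bugzilla_dir, "localconfig")):
        findings.append(("localconfig", "webservergroup is empty or missing"))
    for dirpath, dirnames, filenames in os.walk(bugzilla_dir):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            rel = os.path.relpath(path, bugzilla_dir)
            if st.st_mode & stat.S_IWOTH:
                findings.append((rel, "world-writable"))
            if rel == "localconfig" and st.st_mode & stat.S_IROTH:
                findings.append((rel, "world-readable"))
    return sorted(findings)


if __name__ == "__main__":
    for rel, problem in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"WARNING: {rel}: {problem}")
```

Run it with the Bugzilla directory as its only argument; no output means no finding.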