Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Add new security-audit checks for forum and "Announce" privileges. |
|---|---|
| Downloads: | Tarball | ZIP archive |
| Timelines: | family | ancestors | descendants | both | forum-v2 |
| Files: | files | file ages | folders |
| SHA3-256: |
5d6fc9678d36bc6f1d76b8f62924022a |
| User & Date: | drh 2018-07-30 16:01:59.641 |
Context
|
2018-07-30
| ||
| 16:44 | Invoke abort() after a call to fossil_panic(), not exit(1). This will leave a core file if the system is correctly configured. Also show the panic on debugging logs. ... (check-in: 81632289 user: drh tags: forum-v2) | |
| 16:01 | Add new security-audit checks for forum and "Announce" privileges. ... (check-in: 5d6fc967 user: drh tags: forum-v2) | |
| 14:14 | Improvements to error detection and reporting in the artifact parser. Add the test-parse-all-blobs command for verifying the artifact parser against historical repositories. ... (check-in: d2d1a86f user: drh tags: forum-v2) | |
Changes
Changes to src/main.c.
| ︙ | ︙ | |||
88 89 90 91 92 93 94 | char Zip; /* z: download zipped artifact via /zip URL */ char Private; /* x: can send and receive private content */ char WrUnver; /* y: can push unversioned content */ char RdForum; /* 2: Read forum posts */ char WrForum; /* 3: Create new forum posts */ char WrTForum; /* 4: Post to forums not subject to moderation */ char ModForum; /* 5: Moderate (approve or reject) forum posts */ | | | 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 | char Zip; /* z: download zipped artifact via /zip URL */ char Private; /* x: can send and receive private content */ char WrUnver; /* y: can push unversioned content */ char RdForum; /* 2: Read forum posts */ char WrForum; /* 3: Create new forum posts */ char WrTForum; /* 4: Post to forums not subject to moderation */ char ModForum; /* 5: Moderate (approve or reject) forum posts */ char AdminForum; /* 6: Set or remove capability 4 on other users */ char EmailAlert; /* 7: Sign up for email notifications */ char Announce; /* A: Send announcements */ char Debug; /* D: show extra Fossil debugging features */ }; #ifdef FOSSIL_ENABLE_TCL /* |
| ︙ | ︙ |
Changes to src/security_audit.c.
| ︙ | ︙ | |||
76 77 78 79 80 81 82 |
@ <p>Fix this by <a href="takeitprivate">taking the repository private</a>
@ or by removing the "y" permission from users "anonymous" and
@ "nobody" on the <a href="setup_ulist">User Configuration</a> page.
}else if( hasAnyCap(zAnonCap,"goz") ){
@ <li><p>This repository is <big><b>PUBLIC</b></big>. All
@ checked-in content can be accessed by anonymous users.
@ <a href="takeitprivate">Take it private</a>.<p>
| | > > > > | 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 |
@ <p>Fix this by <a href="takeitprivate">taking the repository private</a>
@ or by removing the "y" permission from users "anonymous" and
@ "nobody" on the <a href="setup_ulist">User Configuration</a> page.
}else if( hasAnyCap(zAnonCap,"goz") ){
@ <li><p>This repository is <big><b>PUBLIC</b></big>. All
@ checked-in content can be accessed by anonymous users.
@ <a href="takeitprivate">Take it private</a>.<p>
}else if( !hasAnyCap(zAnonCap, "jrwy234567")
&& (zPubPages==0 || zPubPages[0]==0) ){
@ <li><p>This repository is <big><b>Completely PRIVATE</b></big>.
@ A valid login and password is required to access any content.
}else{
@ <li><p>This repository is <big><b>Mostly PRIVATE</b></big>.
@ A valid login and password is usually required, however some
@ content can be accessed anonymously:
@ <ul>
if( hasAnyCap(zAnonCap,"j") ){
@ <li> Wiki pages
}
if( hasAnyCap(zAnonCap,"r") ){
@ <li> Tickets
}
if( hasAnyCap(zAnonCap,"234567") ){
@ <li> Forum posts
}
if( zPubPages && zPubPages[0] ){
Glob *pGlob = glob_create(zPubPages);
int i;
@ <li> URLs that match any of these GLOB patterns:
@ <ul>
for(i=0; i<pGlob->nPattern; i++){
|
| ︙ | ︙ | |||
124 125 126 127 128 129 130 |
/* Anonymous users should not be able to harvest email addresses
** from tickets.
*/
if( hasAnyCap(zAnonCap, "e") ){
@ <li><p><b>WARNING:</b>
@ Anonymous users can view email addresses and other personally
@ identifiable information on tickets.
| | > | > | | | | > | | | 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 |
/* Anonymous users should not be able to harvest email addresses
** from tickets.
*/
if( hasAnyCap(zAnonCap, "e") ){
@ <li><p><b>WARNING:</b>
@ Anonymous users can view email addresses and other personally
@ identifiable information on tickets.
@ <p>Fix this by removing the "Email" privilege
@ (<a href="setup_ucap_list">capability "e") from users
@ "anonymous" and "nobody" on the
@ <a href="setup_ulist">User Configuration</a> page.
}
/* Anonymous users probably should not be allowed to push content
** to the repository.
*/
if( hasAnyCap(zAnonCap, "i") ){
@ <li><p><b>WARNING:</b>
@ Anonymous users can push new check-ins into the repository.
@ <p>Fix this by removing the "Check-in" privilege
@ (<a href="setup_ucap_list">capability</a> "i") from users
@ "anonymous" and "nobody" on the
@ <a href="setup_ulist">User Configuration</a> page.
}
/* Anonymous users probably should not be allowed act as moderators
** for wiki or tickets.
*/
if( hasAnyCap(zAnonCap, "lq5") ){
@ <li><p><b>WARNING:</b>
@ Anonymous users can act as moderators for wiki, tickets, or
@ forum posts. This defeats the whole purpose of moderation.
@ <p>Fix this by removing the "Mod-Wiki", "Mod-Tkt", and "Mod-Forum"
@ privileges (<a href="%R/setup_ucap_list">capabilities</a> "fq5")
@ from users "anonymous" and "nobody"
@ on the <a href="setup_ulist">User Configuration</a> page.
}
/* Anonymous users probably should not be allowed to delete
** wiki or tickets.
*/
if( hasAnyCap(zAnonCap, "d") ){
@ <li><p><b>WARNING:</b>
|
| ︙ | ︙ | |||
172 173 174 175 176 177 178 |
*/
if( hasAnyCap(zAnonCap, "fk") ){
if( db_get_boolean("modreq-wiki",0)==0 ){
@ <li><p><b>WARNING:</b>
@ Anonymous users can create or edit wiki without moderation.
@ This can result in robots inserting lots of wiki spam into
@ repository.
| | > > > > > > > > > > > > > > > > > > > > > > > > > > | 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 |
*/
if( hasAnyCap(zAnonCap, "fk") ){
if( db_get_boolean("modreq-wiki",0)==0 ){
@ <li><p><b>WARNING:</b>
@ Anonymous users can create or edit wiki without moderation.
@ This can result in robots inserting lots of wiki spam into
@ repository.
@ Fix this by removing the "New-Wiki" and "Write-Wiki"
@ privileges from users "anonymous" and "nobody" on the
@ <a href="setup_ulist">User Configuration</a> page or
@ by enabling wiki moderation on the
@ <a href="setup_modreq">Moderation Setup</a> page.
}else{
@ <li><p>
@ Anonymous users can create or edit wiki, but moderator
@ approval is required before the edits become permanent.
}
}
/* Anonymous users should not be able to create trusted forum
** posts.
*/
if( hasAnyCap(zAnonCap, "456") ){
@ <li><p><b>WARNING:</b>
@ Anonymous users can create forum posts that are
@ accepted into the permanent record without moderation.
@ This can result in robots generating spam on forum posts.
@ Fix this by removing the "WriteTrusted-Forum" privilege
@ (<a href="setup_ucap_list">capabilities</a> "456") from
@ users "anonymous" and "nobody" on the
@ <a href="setup_ulist">User Configuration</a> page or
}
/* Anonymous users should not be able to send announcements.
*/
if( hasAnyCap(zAnonCap, "A") ){
@ <li><p><b>WARNING:</b>
@ Anonymous users can send announcements to anybody who is signed
@ up to receive announcements. This can result in spam.
@ Fix this by removing the "Announce" privilege
@ (<a href="setup_ucap_list">capability</a> "A") from
@ users "anonymous" and "nobody" on the
@ <a href="setup_ulist">User Configuration</a> page or
}
/* Administrative privilege should only be provided to
** specific individuals, not to entire classes of people.
** And not too many people should have administrator privilege.
*/
z = db_text(0, "SELECT group_concat(login,' AND ') FROM user"
" WHERE cap GLOB '*[as]*'"
|
| ︙ | ︙ |
Changes to src/setup.c.
| ︙ | ︙ | |||
365 366 367 368 369 370 371 |
@ <td><i>Forum-Append:</i> Add new forum posts</td></tr>
@ <tr><th valign="top">4</th>
@ <td><i>Forum-Trusted:</i> Add pre-approved forum posts </td></tr>
@ <tr><th valign="top">5</th>
@ <td><i>Forum-Moderator:</i> Approve or disapprove forum posts</td></tr>
@ <tr><th valign="top">6</th>
@ <td><i>Forum-Supervisor:</i> \
| | | 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 |
@ <td><i>Forum-Append:</i> Add new forum posts</td></tr>
@ <tr><th valign="top">4</th>
@ <td><i>Forum-Trusted:</i> Add pre-approved forum posts </td></tr>
@ <tr><th valign="top">5</th>
@ <td><i>Forum-Moderator:</i> Approve or disapprove forum posts</td></tr>
@ <tr><th valign="top">6</th>
@ <td><i>Forum-Supervisor:</i> \
@ Forum administrator: Set or remove capability "4" for other users
@ <tr><th valign="top">7</th>
@ <td><i>Email-Alerts:</i> Sign up for email nofications</td></tr>
@ <tr><th valign="top">A</th>
@ <td><i>Announce:</i> Send announcements</td></tr>
@ <tr><th valign="top">D</th>
@ <td><i>Debug:</i> Enable debugging features</td></tr>
@ </table>
|
| ︙ | ︙ |