[Trac-tickets] [The Trac Project] #3005: Fine grained permission don't work (security hole)
The Trac Project
noreply at edgewall.com
Sun Apr 9 09:54:53 CDT 2006
#3005: Fine grained permission don't work (security hole)
------------------------------------+---------------------------------------
 Reporter:  mark at openmailadmin.org |     Owner:  jonas
     Type:  defect                    |    Status:  new
 Priority:  normal                    | Milestone:
Component:  general                   |   Version:  0.9.4
 Severity:  normal                    |  Keywords:
------------------------------------+---------------------------------------
== testcase ==
Create a page, let's say {{{mogg}}}. This page shall only be visible to
two users...
{{{
# excerpt of trac.ini
[trac]
authz_file = /var/lib/trac/test/conf/authz.conf
}}}
{{{
# authz.conf
[/]
* = r
[/wiki/mogg]
* =
mark = rw
work = r
}}}
== expected behaviour ==
Anonymous cannot view that page.
== actual behaviour ==
Anonymous is able to view that page, too.
== notes ==
 * Setting {{{authz_module_name}}} does not change anything.
 * Neither {{{[mogg]}}} nor {{{[/mogg]}}} nor {{{[/wiki/mogg]}}} nor any
   equivalent with module-name works.
 * I've restarted Apache between every run.
--
Ticket URL: <http://projects.edgewall.com/trac/ticket/3005>
The Trac Project <http://trac.edgewall.com/>
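
The access decisions the testcase above expects, written as an offline check; this is an added example, not code from the ticket or from Trac. It assumes Subversion-style authz rules (the most specific section holding a rule that matches the user decides, `*` covers anonymous, an empty value grants nothing), and `load_rules` and `effective_access` are hypothetical helper names.

```python
# Added illustration, not Trac code. Assumed semantics (Subversion-style authz):
# the most specific path section with a rule matching the user decides;
# "*" matches every user, anonymous included; an empty value grants nothing.
import configparser
import posixpath

# The authz.conf from the ticket, embedded so the check runs offline.
AUTHZ_CONF = """\
[/]
* = r
[/wiki/mogg]
* =
mark = rw
work = r
"""

def load_rules(text):
    """Parse authz text into {path: {user: permission_string}}."""
    parser = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    parser.optionxform = str  # keep user names case-sensitive
    parser.read_string(text)
    return {section: dict(parser[section]) for section in parser.sections()}

def effective_access(rules, user, path):
    """Walk from `path` up to "/" and return the first section's verdict."""
    path = posixpath.normpath("/" + path.lstrip("/"))
    while True:
        section = rules.get(path, {})
        matches = [perm for name, perm in section.items() if name in (user, "*")]
        if matches:
            # Within one section, grants of all matching rules are combined.
            return "".join(sorted(set("".join(matches))))
        if path == "/":
            return ""  # no rule matched anywhere: deny
        path = posixpath.dirname(path)

if __name__ == "__main__":
    rules = load_rules(AUTHZ_CONF)
    for user, path in [("anonymous", "/wiki/mogg"), ("mark", "/wiki/mogg"),
                       ("work", "/wiki/mogg"), ("anonymous", "/wiki/other")]:
        print(f"{user:10} {path:12} -> {effective_access(rules, user, path)!r}")
```

Comparing these verdicts with what an unauthenticated request to the page actually returns gives a repeatable regression check for the behaviour the ticket describes.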