Bug
php/cli needs appropriate rights check
Rejection comment
All the source code in the php dir is readable and writable for the apache group. Why should php/cli be an exception? The purpose of php/cli is a quick and cheap way to write a script to query or import data. Data import has been shifted mainly to services. The admin has to be aware that information in the php/cli is in principle accessible to www-data, but there are more restrictions in place which allow only admin users to get anywhere near the files there.
Currently there is no way to read the files there (unless they are referenced in a service file, which is not recommended but also not prohibited). It would be possible for an admin to save php code there, but restricting that would not have any benefit since a malicious admin has easier ways to compromise a system.
Work sessions
Start | End | Participant
2017-01-14T10:26:42 | 2017-01-14T10:40:05 | Robert Cerny