Fossil SCM

Add new security-audit checks for forum and "Announce" privileges.

drh 2018-07-30 16:01 UTC forum-v2
Commit 5d6fc9678d36bc6f1d76b8f62924022a89bb2f58d82f64c0cc03c968cf86605a
+1 -1
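--- a/src/main.c
+++ b/src/main.c
@@ -90,11 +90,11 @@
 char WrUnver; /* y: can push unversioned content */
 char RdForum; /* 2: Read forum posts */
 char WrForum; /* 3: Create new forum posts */
 char WrTForum; /* 4: Post to forums not subject to moderation */
 char ModForum; /* 5: Moderate (approve or reject) forum posts */
-char AdminForum; /* 6: Edit forum posts by other users */
+char AdminForum; /* 6: Set or remove capability 4 on other users */
 char EmailAlert; /* 7: Sign up for email notifications */
 char Announce; /* A: Send announcements */
 char Debug; /* D: show extra Fossil debugging features */
 };
 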
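--- a/src/security_audit.c
+++ b/src/security_audit.c
@@ -78,11 +78,12 @@
 @ "nobody" on the <a href="setup_ulist">User Configuration</a> page.
 }else if( hasAnyCap(zAnonCap,"goz") ){
 @ <li><p>This repository is <big><b>PUBLIC</b></big>. All
 @ checked-in content can be accessed by anonymous users.
 @ <a href="takeitprivate">Take it private</a>.<p>
-}else if( !hasAnyCap(zAnonCap, "jry") && (zPubPages==0 || zPubPages[0]==0) ){
+}else if( !hasAnyCap(zAnonCap, "jrwy234567")
+&& (zPubPages==0 || zPubPages[0]==0) ){
 @ <li><p>This repository is <big><b>Completely PRIVATE</b></big>.
 @ A valid login and password is required to access any content.
 }else{
 @ <li><p>This repository is <big><b>Mostly PRIVATE</b></big>.
 @ A valid login and password is usually required, however some
@@ -91,10 +92,13 @@
 if( hasAnyCap(zAnonCap,"j") ){
 @ <li> Wiki pages
 }
 if( hasAnyCap(zAnonCap,"r") ){
 @ <li> Tickets
+}
+if( hasAnyCap(zAnonCap,"234567") ){
+@ <li> Forum posts
 }
 if( zPubPages && zPubPages[0] ){
 Glob *pGlob = glob_create(zPubPages);
 int i;
 @ <li> URLs that match any of these GLOB patterns:
@@ -126,11 +130,12 @@
 */
 if( hasAnyCap(zAnonCap, "e") ){
 @ <li><p><b>WARNING:</b>
 @ Anonymous users can view email addresses and other personally
 @ identifiable information on tickets.
-@ <p>Fix this by removing the "Email" privilege from users
+@ <p>Fix this by removing the "Email" privilege
+@ (<a href="setup_ucap_list">capability "e") from users
 @ "anonymous" and "nobody" on the
 @ <a href="setup_ulist">User Configuration</a> page.
 }
 
 /* Anonymous users probably should not be allowed to push content
@@ -137,25 +142,27 @@
 ** to the repository.
 */
 if( hasAnyCap(zAnonCap, "i") ){
 @ <li><p><b>WARNING:</b>
 @ Anonymous users can push new check-ins into the repository.
-@ <p>Fix this by removing the "Check-in" privilege from users
+@ <p>Fix this by removing the "Check-in" privilege
+@ (<a href="setup_ucap_list">capability</a> "i") from users
 @ "anonymous" and "nobody" on the
 @ <a href="setup_ulist">User Configuration</a> page.
 }
 
 /* Anonymous users probably should not be allowed act as moderators
 ** for wiki or tickets.
 */
-if( hasAnyCap(zAnonCap, "lq") ){
+if( hasAnyCap(zAnonCap, "lq5") ){
 @ <li><p><b>WARNING:</b>
-@ Anonymous users can act as moderators for wiki and/or tickets.
-@ This defeats the whole purpose of moderation.
-@ <p>Fix this by removing the "Mod-Wiki" and "Mod-Tkt"
-@ privilege from users "anonymous" and "nobody" on the
-@ <a href="setup_ulist">User Configuration</a> page.
+@ Anonymous users can act as moderators for wiki, tickets, or
+@ forum posts. This defeats the whole purpose of moderation.
+@ <p>Fix this by removing the "Mod-Wiki", "Mod-Tkt", and "Mod-Forum"
+@ privileges (<a href="%R/setup_ucap_list">capabilities</a> "fq5")
+@ from users "anonymous" and "nobody"
+@ on the <a href="setup_ulist">User Configuration</a> page.
 }
 
 /* Anonymous users probably should not be allowed to delete
 ** wiki or tickets.
 */
@@ -174,11 +181,11 @@
 if( db_get_boolean("modreq-wiki",0)==0 ){
 @ <li><p><b>WARNING:</b>
 @ Anonymous users can create or edit wiki without moderation.
 @ This can result in robots inserting lots of wiki spam into
 @ repository.
-@ <p>Fix this by removing the "New-Wiki" and "Write-Wiki"
+@ Fix this by removing the "New-Wiki" and "Write-Wiki"
 @ privileges from users "anonymous" and "nobody" on the
 @ <a href="setup_ulist">User Configuration</a> page or
 @ by enabling wiki moderation on the
 @ <a href="setup_modreq">Moderation Setup</a> page.
 }else{
@@ -185,10 +192,36 @@
 @ <li><p>
 @ Anonymous users can create or edit wiki, but moderator
 @ approval is required before the edits become permanent.
 }
 }
+
+/* Anonymous users should not be able to create trusted forum
+** posts.
+*/
+if( hasAnyCap(zAnonCap, "456") ){
+@ <li><p><b>WARNING:</b>
+@ Anonymous users can create forum posts that are
+@ accepted into the permanent record without moderation.
+@ This can result in robots generating spam on forum posts.
+@ Fix this by removing the "WriteTrusted-Forum" privilege
+@ (<a href="setup_ucap_list">capabilities</a> "456") from
+@ users "anonymous" and "nobody" on the
+@ <a href="setup_ulist">User Configuration</a> page or
+}
+
+/* Anonymous users should not be able to send announcements.
+*/
+if( hasAnyCap(zAnonCap, "A") ){
+@ <li><p><b>WARNING:</b>
+@ Anonymous users can send announcements to anybody who is signed
+@ up to receive announcements. This can result in spam.
+@ Fix this by removing the "Announce" privilege
+@ (<a href="setup_ucap_list">capability</a> "A") from
+@ users "anonymous" and "nobody" on the
+@ <a href="setup_ulist">User Configuration</a> page or
+}
 
 /* Administrative privilege should only be provided to
 ** specific individuals, not to entire classes of people.
 ** And not too many people should have administrator privilege.
 */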
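Review bot: The remediation text in the moderator warning (new line 161) names capabilities "fq5", but the guard above it tests `hasAnyCap(zAnonCap, "lq5")`, so an administrator following the audit's advice is pointed at "f" while the flagged "l" can stay granted to anonymous users; the string should read `"lq5"`. The two new warnings for "456" and "A" (new lines 209 and 221) both end on `page or` with no alternative after it, apparently carried over from the wiki-moderation message, and should end at `<a href="setup_ulist">User Configuration</a> page.` instead. The "Email" warning at new line 136 opens `<a href="setup_ucap_list">` without a closing `</a>`, unlike the matching "Check-in" line at 148. The enclosing function starts and ends outside these hunks.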
+1 -1
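--- a/src/setup.c
+++ b/src/setup.c
@@ -367,11 +367,11 @@
 @ <td><i>Forum-Trusted:</i> Add pre-approved forum posts </td></tr>
 @ <tr><th valign="top">5</th>
 @ <td><i>Forum-Moderator:</i> Approve or disapprove forum posts</td></tr>
 @ <tr><th valign="top">6</th>
 @ <td><i>Forum-Supervisor:</i> \
-@ Forum administrator
+@ Forum administrator: Set or remove capability "4" for other users
 @ <tr><th valign="top">7</th>
 @ <td><i>Email-Alerts:</i> Sign up for email nofications</td></tr>
 @ <tr><th valign="top">A</th>
 @ <td><i>Announce:</i> Send announcements</td></tr>
 @ <tr><th valign="top">D</th>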
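Review bot: The capability "6" row is left unclosed: the rewritten line 372 ends at `for other users` and the next line opens a new `<tr>`, while the neighbouring rows all end with `</td></tr>`. Appending `</td></tr>` to the changed line would keep the capability table well-formed; the gap was already there before this commit, but the line is being edited anyway. The surrounding table continues outside the hunk.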
