Fossil SCM

fossil treats anybody connecting from 127.0.0.1 as user with UID 1

Closed

c9e84b567178d75… · opened 15 years, 4 months ago

Type: Feature_Request
Priority:
Severity: Severe
Resolution: Not_A_Bug
Subsystem:
Created: Nov. 18, 2010 1:05 a.m.

Even in server mode, fossil considers any user connecting from 127.0.0.1 to be super user. It seems like no policy mechanism is in effect whatsoever. This is especially troubling in case you are proxying traffic from a web server (say lighttpd) to a fossil instance in server mode, where both programs run on the same machine.

Also, when connecting to a fossil server over SSH and both SSHd and fossil run on the same machine, your connection is considered to originate from 127.0.0.1. No policy can be applied on such users and anybody connecting in this way is treated as super user. This not only affects fossil in server mode but also fossil running as CGI executed by web server, if the web server and SSHd are on the same machine.


anonymous added on 2010-11-18 01:46:21: So under Admin -> Access check the "Require password for local access" setting.


drh added on 2010-11-18 02:38:50: Anonymous above is correct. The "treat-localhost-as-root" mode can be turned off easily enough if you are setting up a server that is accepting connections that are proxied through localhost.


anonymous added on 2010-11-18 08:18:25: Thank you. Shouldn't it be always ON in server mode?
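The failure mode the ticket describes is a general one: once a reverse proxy or an SSH port forward sits on the same host, every request reaches the application with a loopback peer address, so a policy that says "loopback means super user" stops distinguishing the local administrator from anyone the proxy relays. The following added example (not Fossil's own code; all names, the user table and the request samples are constructed for illustration) models that weak policy next to the hardened one the thread recommends, where the peer address plays no role and only a valid administrator password grants super-user rights.

```python
# Added example, not Fossil's own code: models the "treat localhost as root"
# policy from the ticket and the hardened "require password for local access"
# alternative. Request, USERS, loopback_trust_policy and require_auth_policy
# are invented names for this illustration.
import base64
import hmac
from dataclasses import dataclass, field
from typing import Optional

LOOPBACK = {"127.0.0.1", "::1"}

# Constructed user table: username -> (password, is_admin)
USERS = {
    "alice": ("correct-horse", True),    # the real administrator
    "bob": ("battery-staple", False),    # an ordinary developer
}


@dataclass
class Request:
    remote_addr: str                     # the peer address the server sees
    headers: dict = field(default_factory=dict)


def authenticated_user(req: Request) -> Optional[str]:
    """Return the username if the request carries valid Basic credentials."""
    auth = req.headers.get("Authorization", "")
    if not auth.startswith("Basic "):
        return None
    try:
        user, _, password = base64.b64decode(auth[6:]).decode().partition(":")
    except Exception:
        return None
    if user in USERS and hmac.compare_digest(USERS[user][0], password):
        return user
    return None


def loopback_trust_policy(req: Request) -> bool:
    """Weak policy from the ticket: any loopback peer is super user,
    everyone else must present admin credentials."""
    if req.remote_addr in LOOPBACK:
        return True
    user = authenticated_user(req)
    return user is not None and USERS[user][1]


def require_auth_policy(req: Request) -> bool:
    """Hardened policy: the peer address is ignored entirely; only a valid
    password for an admin account grants super-user rights."""
    user = authenticated_user(req)
    return user is not None and USERS[user][1]


def basic(user: str, password: str) -> dict:
    """Build a Basic Authorization header for the constructed requests."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Authorization": f"Basic {token}"}


# Constructed requests. 203.0.113.9 is a documentation address (TEST-NET-3).
direct_admin = Request("127.0.0.1", basic("alice", "correct-horse"))
# Internet client relayed by lighttpd on the same host: the application
# sees the proxy's loopback address, not the client's.
proxied_stranger = Request("127.0.0.1", {"X-Forwarded-For": "203.0.113.9"})
# A non-admin developer reaching the server through an SSH port forward.
tunnelled_bob = Request("127.0.0.1", basic("bob", "battery-staple"))
remote_stranger = Request("203.0.113.9")


def compare() -> dict:
    """Return {name: (loopback_trust_result, require_auth_result)}."""
    cases = {
        "direct_admin": direct_admin,
        "proxied_stranger": proxied_stranger,
        "tunnelled_bob": tunnelled_bob,
        "remote_stranger": remote_stranger,
    }
    return {n: (loopback_trust_policy(r), require_auth_policy(r))
            for n, r in cases.items()}


if __name__ == "__main__":
    for name, (weak, hardened) in compare().items():
        print(f"{name:18} loopback-trust={weak!s:5} require-auth={hardened}")
```

Under the loopback-trust policy the proxied stranger and the tunnelled non-admin both come out as super user, because from the server's point of view they are indistinguishable from the local administrator. The hardened policy deliberately does not try to repair this by reading X-Forwarded-For: that header is only meaningful if the proxy is trusted to set it, whereas requiring a password works regardless of how the connection arrived.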



