Re: pkg/40532: privoxy ignores user:group and has wheel permissionsand so everyone accessing privoxy admin page

[Cem Kayali <cemkayali%eticaret.com.tr@localhost>]

Hi,

Please check the screenshot i've sent. It shows the details.

>It is well possible that privoxy opens its config file before changing 
its privileges.

Well, if it runs as privoxy:privoxy it can not open a file that is 
chown=root:wheel and chmod=661. That's the strange thing.


Regards,
Cem


Matthias Drochner, 02/02/09 21:06:
> So could you please run the
> ps ax -o uid,gid,command|grep privoxy
> as I did?
> And what "puser" was set to in /etc/rc.d/privoxy?
>
> I believe the right way to disable modification through
> the web interface is to set "enable-edit-actions" in the
> config file to "0". And possibly some more - there are
> lots of comments.
> It is well possible that privoxy opens its config file
> before changing its privileges.
>
> best regards
> Matthias
>
>
>
>
> -------------------------------------------------------------------
> -------------------------------------------------------------------
> Forschungszentrum Juelich GmbH
> 52425 Juelich
>
> Sitz der Gesellschaft: Juelich
> Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
> Vorsitzende des Aufsichtsrats: MinDir'in Baerbel Brumme-Bothe
> Geschaeftsfuehrung: Prof. Dr. Achim Bachem (Vorsitzender),
> Dr. Ulrich Krafft (stellv. Vorsitzender), Prof. Dr. Harald Bolt,
> Dr. Sebastian M. Schmidt
> -------------------------------------------------------------------
> -------------------------------------------------------------------
>
>