[ww-bugs] Bug 3410: permission issue for professor editing course.conf

bugzilla-daemon at webwork.maa.org
Fri Sep 4 18:44:18 EDT 2015


http://bugs.webwork.maa.org/show_bug.cgi?id=3410





--- Comment #3 from Geoff Goehle <goehle at gmail.com>  2015-09-04 18:44:17 ---
Unfortunately security is inversely proportional to convenience.  If there are
enough complaints then we can look at leaving those files editable by default.
However, it's trivial to do arbitrary code execution in the current setup.  That
security issue needs to be addressed and it's much safer if allowing professors
to execute arbitrary code on your server is opt-in and not opt-out.  I
understand that this is not necessarily how things have been done
traditionally, but there are a lot more servers out there hosting courses and
professors outside of their university (the MAA servers being the primary
example).
