Fossil: Diff

Differences From Artifact [ea45c62273]:

File src/security_audit.c — part of check-in [0c374456b3] at 2020-02-27 19:16:53 on branch trunk — More information on Setup and in Security-Audit to help admins configure Public Pages with the correct capabilities. (user: drh size: 24228)

To Artifact [f341318437]:

File src/security_audit.c — part of check-in [8059b9cac1] at 2020-03-12 18:17:19 on branch eradicate-d-cap — Repurposed the check for "d" cap in the Security Audit page to warn that it should be removed from use. It checks the anonymous, developer, and reader users for it only, not any one-off uses. It also doesn't check Setup or Admin, but presumably whatever we reuse "d" for in the future will be granted to them by default. (user: wyoung size: 24539) [more...]

︙
92 93 94 95 96 97 98 99 100 101 102 103 104 105	92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107	+ +	This page requires administrator access. It is usually accessed using the Admin/Security-Audit menu option from any of the default skins. / void secaudit0_page(void){ const char zAnonCap; /* Capabilities of user "anonymous" and "nobody" / const char zDevCap; /* Capabilities of user group "developer" / const char zReadCap; /* Capabilities of user group "reader" / const char zPubPages; /* GLOB pattern for public pages / const char zSelfCap; /* Capabilities of self-registered users / int hasSelfReg = 0; / True if able to self-register / char z; int n; CapabilityString pCap; char azCSP; / Parsed content security policy */
︙
114 115 116 117 118 119 120 121 122 123 124 125 126 127	116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131	+ +	/* Step 1: Determine if the repository is public or private. "Public" means that any anonymous user on the internet can access all content. "Private" repos require (non-anonymous) login to access all content, ** though some content may be accessible anonymously. */ zAnonCap = db_text("", "SELECT fullcap(NULL)"); zDevCap = db_text("", "SELECT fullcap('v')"); zReadCap = db_text("", "SELECT fullcap('u')"); zPubPages = db_get("public-pages",0); hasSelfReg = db_get_boolean("self-register",0); pCap = capability_add(0, db_get("default-perms",0)); capability_expand(pCap); zSelfCap = capability_string(pCap); capability_free(pCap); if( hasAnyCap(zAnonCap,"as") ){
︙
276 277 278 279 280 281 282 ~~283 284~~ ~~285 286~~ 287 ~~288 289~~ ~~290 291~~ 292 293 294 295 296 297 298	280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303	- - + - - + + + - - + + + - - + +	@ forum posts. This defeats the whole purpose of moderation. @ <p>Fix this by removing the "Mod-Wiki", "Mod-Tkt", and "Mod-Forum" @ privileges (<a href="%R/setup_ucap_list">capabilities</a> "fq5") @ from users "anonymous" and "nobody" @ on the <a href="setup_ulist">User Configuration</a> page. } ~~~~/* Anonymous users probably should not be allowed to delete~~ ** ~~wiki or tick~~ets.~~ /* Obsolete: / / if( hasAnyCap(zAnonCap, "d") ){ if( hasAnyCap(zAnonCap, "d") \|\| hasAnyCap(zDevCap, "d") \|\| hasAnyCap(zReadCap, "d") ){ @ <li><p><b>WARNING:</b> ~~@ ~~Anony~~mous users ca~~n delet~~e ~~wiki and tickets.~~ @ <p>Fix th~~is by~~ removing the ~~"Delete"~~~~ @ One or more users has the <a @ href="https://fossil-scm.org/forum/forumpost/43c78f4bef">obsolete</a> @ "d" capability. You should remove it using the ~~~~@ privilege from users "anonymous" and "nobody" on the~~ @ <a href="setup_ulist">User Configuration</a> page.~~ @ <a href="setup_ulist">User Configuration</a> page in case we @ ever reuse the letter for another purpose. } /* If anonymous users are allowed to create new Wiki, then ** wiki moderation should be activated to pervent spam. */ if( hasAnyCap(zAnonCap, "fk") ){ if( db_get_boolean("modreq-wiki",0)==0 ){
︙