https://bugzilla.redhat.com/show_bug.cgi?id=844013

--- Comment #4 from Michael Scherer <m...@zarb.org> ---
There is no mention of the origin of the favicon:

Source1:   favicon


I am also surprised by some permissions; do we want apache to be able to modify
all those files:
%defattr(-,apache,apache,-)
%{brokerdir}
%{htmldir}/broker
%config(noreplace) %{brokerdir}/config/environments/production.rb
%config(noreplace) %{brokerdir}/config/environments/development.rb
%config(noreplace) %{_sysconfdir}/httpd/conf.d/000000_stickshift_proxy.conf
%attr(0664,-,-) %ghost %{brokerdir}/log/production.log
%attr(0664,-,-) %ghost %{brokerdir}/log/development.log
%attr(0664,-,-) %ghost %{brokerdir}/httpd/logs/error_log
%attr(0664,-,-) %ghost %{brokerdir}/httpd/logs/access_log

I see why for logs, but the rest seems rather strange to me; if we run processes
under the apache uid, they shouldn't mess with anything like rails config and
such, in case of compromise of the apache process.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
package-review mailing list
package-review@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-review
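
An added example, not part of the original comment or of the package under review: a small Python check that flags %files entries owned by the web-server account outside log directories, run over the fragment quoted above. The service-account set, the log-path pattern, and the root default when no %defattr is present are assumptions.

```python
import re

# Constructed sample: the %files fragment quoted in the review comment.
SPEC_FILES = """\
%defattr(-,apache,apache,-)
%{brokerdir}
%{htmldir}/broker
%config(noreplace) %{brokerdir}/config/environments/production.rb
%config(noreplace) %{brokerdir}/config/environments/development.rb
%config(noreplace) %{_sysconfdir}/httpd/conf.d/000000_stickshift_proxy.conf
%attr(0664,-,-) %ghost %{brokerdir}/log/production.log
%attr(0664,-,-) %ghost %{brokerdir}/log/development.log
%attr(0664,-,-) %ghost %{brokerdir}/httpd/logs/error_log
%attr(0664,-,-) %ghost %{brokerdir}/httpd/logs/access_log
"""

SERVICE_USERS = {"apache"}            # assumption: accounts the daemon runs as
WRITABLE_OK = re.compile(r"/logs?/")  # assumption: only log paths may be service-owned
DEFATTR = re.compile(r"^%defattr\(([^)]*)\)")
ATTR = re.compile(r"%attr\(([^)]*)\)")

def _owner(fields, fallback):
    """Second field of %defattr/%attr is the user; "-" keeps the fallback."""
    parts = [f.strip() for f in fields.split(",")]
    return parts[1] if len(parts) > 1 and parts[1] != "-" else fallback

def audit_files_section(text, service_users=SERVICE_USERS):
    """Return (path, owner) for entries a service account owns outside log dirs."""
    default_owner, findings = "root", []  # assumption: root when no %defattr
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        m = DEFATTR.match(line)
        if m:
            default_owner = _owner(m.group(1), default_owner)
            continue
        m = ATTR.search(line)
        owner = _owner(m.group(1), default_owner) if m else default_owner
        path = line.split()[-1]  # directives such as %config precede the path
        if owner in service_users and not WRITABLE_OK.search(path):
            findings.append((path, owner))
    return findings

if __name__ == "__main__":
    for path, owner in audit_files_section(SPEC_FILES):
        print(f"{owner}-owned outside log dirs: {path}")
```
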