Bug#319943: pyblosxom: config.pyc vulnerability

2006-01-30 Thread will guaraldi
On Mon, 30 Jan 2006, Tollef Fog Heen wrote:
* Norbert Tretkowski
| > I would think the latter isn't particularly great since it prevents
| > more than one user to use PyBlosxom on a given machine.
|
| Agreed. I'll think about it.
It's the site-wide configuration file. It's trivial to set up a

Bug#319943: pyblosxom: config.pyc vulnerability

2006-01-30 Thread Tollef Fog Heen
* Norbert Tretkowski
| No... /etc/pyblosxom/ is owned by root, pyblosxom.cgi is started from
| apache(2), which runs as user www-data. So, no way to create config.py
| in /etc/pyblosxom.
apache isn't a syscall just yet. ;-)
| > Or are they supposed to configure config.py in /etc/pyblosxom?
|
|

Bug#319943: pyblosxom: config.pyc vulnerability

2006-01-29 Thread Norbert Tretkowski
* will guaraldi wrote:
> On Sun, 29 Jan 2006, Norbert Tretkowski wrote:
> > On Debian systems, there's no config.pyc created, so I'm a bit
> > puzzled about this bugreport.
>
> Well, there's no config.pyc file created at install time. But if
> someone sets up their blog and points their blog at
>

Bug#319943: pyblosxom: config.pyc vulnerability

2006-01-29 Thread will guaraldi
On Sun, 29 Jan 2006, Norbert Tretkowski wrote: * will guaraldi wrote: I discovered this vulnerability while playing with pyblosxom, which uses python files to store configuration information. The way it is packaged by Debian, the global config file /etc/pyblosxom/config.py is created with 640 p

Bug#319943: pyblosxom: config.pyc vulnerability

2006-01-29 Thread Norbert Tretkowski
* will guaraldi wrote:
>> I discovered this vulnerability while playing with pyblosxom, which
>> uses python files to store configuration information. The way it is
>> packaged by Debian, the global config file /etc/pyblosxom/config.py
>> is created with 640 permissions, owned by the root user and

Bug#319943: pyblosxom: config.pyc vulnerability

2005-07-25 Thread will guaraldi
Package: pyblosxom
Severity: normal
I got an email from Ted who got an email from David who got an email from Zack which reads as follows:
> Hello,
>
> I discovered this vulnerability while playing with pyblosxom, which uses
> python files to store configuration information. The way it is packag