This repository has been archived by the owner on Apr 26, 2024. It is now read-only.
Security Issue docs/ACME.md advises user to do chmod 777 #5901
Labels
A-Docs
things relating to the documentation
Security
T-Task
Refactoring, removal, replacement, enabling or disabling functionality, other engineering tasks.
Z-Help-Wanted
We know exactly how to fix this issue, and would be grateful for any contribution
z-p2
(Deprecated Label)
Comments
neilisfragile
added
A-Docs
|
The document in question is https://github.com/matrix-org/synapse/blob/master/docs/ACME.md#authbind, and the doc in question seems to have come from #4547. @anoadragon453 do you remember the reason for chmod 777 here? I agree it seems dangerous. @zem we'd welcome a PR. |
MadLittleMods
added
Security
Z-Help-Wanted
|
given we don't support ACME any more, this seems to have fixed itself. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
A user should never be advised to do chmod 777 on the system, as there are always some users who follow the manual. Please fix the documentation. (I have not tested what authbind manual tells but, chmod 555 should be enough here)
grep -R 777 *:
docs/ACME.md:sudo chmod 777 /etc/authbind/byport/80
The text was updated successfully, but these errors were encountered: