[jira] Commented: (MSITE-141) Possible security hole when deploying site

Lukas Theussl (JIRA) Tue, 28 Jul 2009 01:48:30 -0700

    [ 
http://jira.codehaus.org/browse/MSITE-141?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=185086#action_185086
 ]


Lukas Theussl commented on MSITE-141:
-------------------------------------

The maven 1 site plugin had the two options maven.site.chmod.options and 
maven.site.chmod.mode. I guess we should add similar parameters to make it 
configurable, as the chmod command is currently hard-coded in SiteDeployMojo 
and SiteStageDeployMojo.

> Possible security hole when deploying site
> ------------------------------------------
>
>                 Key: MSITE-141
>                 URL: http://jira.codehaus.org/browse/MSITE-141
>             Project: Maven 2.x Site Plugin
>          Issue Type: Bug
>          Components: site:deploy
>    Affects Versions: 2.0-beta-5
>         Environment: Linux gentoo 2.6.16 64bit, maven 2.0.2
>            Reporter: Martin Vysny
>            Priority: Critical
>             Fix For: 2.1
>
>
> When the site is deployed into a directory /foo/bar, the following command is 
> issued over a ssh:
> chmod -Rf g+w /foo/bar/
> it was intended to use g+r I presume? :-)

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] Commented: (MSITE-141) Possible security hole when deploying site

Reply via email to