social-discuss

Re: [Social-discuss] Security improvement for NginX (and bug tracker reg


From: Ivan Vilata i Balaguer
Subject: Re: [Social-discuss] Security improvement for NginX (and bug tracker registration)
Date: Mon, 5 Oct 2015 18:54:01 +0200
User-agent: Mutt/1.5.24 (2015-08-30)

chimo (2015-10-05 09:15:23 -0400) wrote:

> On 2015-10-05 07:18, Ivan Vilata i Balaguer wrote:
> >
> >I'm attaching a small patch to the sample NginX configuration file to
> >strengthen it a little bit against PHP files uploaded to
> >application-writable directories, to avoid e.g. a user attaching a
> >PHP file which could be run with installation user permissions.
> >Maybe GNU social already has some built-in checks for this, I
> >don't know.
> >
> >I tried to open a bug/feature request for this in the
> >[Phabricator](https://bugz.foocorp.net/), but registration address
> >validation emails seem to not be sent (I've tried several times on
> >different days, checked the spam folder and the receiving server mail
> >logs, but no trace).
> 
>   The codebase and issue tracker for GNU social has been moved to
> https://git.gnu.io/gnu/gnu-social

Umm, <https://gnu.io/social/resources/> still points to the Phabricator
web page, maybe it should be updated.  I was able to register in GitLab
and create [issue #78](https://git.gnu.io/gnu/gnu-social/issues/78) with
the patch attached to it.

> The .diff file you attached only contains the following on my end: "dl
> oct 5 13:18:02 CEST 2015"

Sorry, it looks like I messed it up.  I'm attaching the patch (although
it's also attached to the issue above).

Thanks!

-- 
Ivan Vilata i Balaguer -- https://elvil.net/

Attachment: serve-uploaded-php.diff
Description: Text Data
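
The hardening described in the quoted message (keeping PHP files uploaded to application-writable directories from being executed), sketched as an added nginx example. It is not the attached patch or GNU social's sample configuration; the server name, root, `/uploads/` directory and PHP-FPM socket path are assumed placeholders.

```nginx
# Added illustration; not the attached patch or the project's sample config.
# server_name, root, /uploads/ and the socket path are placeholders.
server {
    listen 80;
    server_name social.example.org;
    root /var/www/social;

    # Application-writable directory: serve its contents as static files only.
    # "^~" makes this prefix match final, so nginx does not evaluate the
    # regex location below for URIs under /uploads/. A request for
    # /uploads/x.php returns the file's bytes and never reaches PHP.
    location ^~ /uploads/ {
        # A missing file is a 404, not a fall-through to another handler.
        try_files $uri =404;
        # Extensions with no MIME mapping (such as .php) are sent as a
        # generic binary type, and browsers are told not to sniff it.
        default_type application/octet-stream;
        add_header X-Content-Type-Options nosniff always;
    }

    # Weak when used alone: every URI ending in .php under the root is passed
    # to the interpreter, including a file a user uploaded into a directory
    # the application can write to.
    location ~ \.php$ {
        # Only hand existing files to PHP.
        try_files $uri =404;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;
    }
}
```

The prefix location has to cover every directory the installation user can write to; a writable directory left outside it is still handled by the general `.php` location.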

