You are here: Home Topics security


Dec 08, 2008

Quills Weblog Admin

Quills weblog admin portlet shouldn't display to non-privileged users.

A bug I encountered with Quills weblog product is the weblog admin portlet being viewable to non-privileged users. This was not a desired result, so off to google I went.
Luckily there was already a diff I could use to patch the offending code in parts/instance/lib/python/quills/app/portlets/

Here is the link to the diff: . Patch the file and the portlet is no longer viewable to non-privileged users.

Dec 03, 2008

What You Don't Know

Earlier today while logged into irc, someone asked what the repercussions of chmod 644 /var/log/messages would be. Wanting to save someone from themselves (as well as work on my people skills), I replied.


Logs are mostly a security tool and the default permissions are in place as part of the security. I would recommend a tool such as logcheck, which is fairly easy to configure out of the box. It will also mail reports to the user of your choice.


I must be getting into the holiday spirit.



Powered by ScribeFire.