My Subsonic runs on OpenSUSE 13.2 as user subsonic.
However, if I allow uploads, the uploaded files are owned by root:root, and are executable!
This is a severe bug since uploaders can put any executable there and run it as root.
Also, there should be a way to specify the location of the upload directory to take it out of the Music folder.
Uploading seems to be a security risk!
Moderator: moderators
1 post
• Page 1 of 1
Uploading seems to be a security risk!
by jarome » Tue Nov 11, 2014 8:11 pm
- jarome
- Posts: 88
- Joined: Sat Apr 16, 2011 2:53 am
1 post
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 11 guests